Bugtraq mailing list archives
Re: Replacement for NIS? (was Re: Obtaining NIS domainname from
From: J.S.Peatfield () damtp cam ac uk (Jon Peatfield)
Date: Sat, 15 Apr 1995 16:35:13 +0100
One's own domainname, nothing. But someone else knowing your domainname gives that someone a significant edge when it comes to breaking in to your machines.
Given the more recent versions of ypserv I don't see any major security problems left with YP. i.e the patches which Sun (at least, and maybe HP if you believe their docs) produced which tells a ypserv and portmapper which machines they should talk to. Back before these patches one could extract yp maps from a random domain using ypxfer, or hand written code but this no longer works with the newer code. If there are other security hole left please enlighten me.
Is there a "better" NIS [...]I'd be interested in hearing about any such. I'm almost ready to try my hand at writing one myself, but so far the perceived need has not yet been sufficient to make me allocate the time.
A good starting point might be the 386/BSD, Linux YP implementation. Since the source is available you can add whatever security measures you like to it. I'm not sure if their ypserv/ypbind are drop-in replacements for the ONC versions, (e.g. if the file formatt etc are the same), but it shouldn't be too hard to check. -- Jon Peatfield (DAMTP, unix network admin)
Current thread:
- Replacement for NIS? (was Re: Obtaining NIS domainname from Gatorbox) Scott Barman (Apr 12)
- <Possible follow-ups>
- Re: Replacement for NIS? (was Re: Obtaining NIS domainname from Gatorbox) der Mouse (Apr 12)
- Re: Replacement for NIS? (was Re: Obtaining NIS domainname from Gatorbox) Timothy Newsham (Apr 13)
- Re: Replacement for NIS? (was Re: Obtaining NIS domainname from Gatorbox) Dale Babiy (Apr 13)
- Re: Replacement for NIS? (was Re: Obtaining NIS domainname from Gatorbox) Benjamin Cline (Apr 15)
- Obtaining NIS domainname from Gatorbox Dennis Glatting (Apr 15)
- Re: Replacement for NIS? (was Re: Obtaining NIS domainname from Jon Peatfield (Apr 15)
- Re: Replacement for NIS? (was Re: Obtaining NIS domainname from Andreas Siegert (Apr 17)
- Re: Replacement for NIS? (was Re: Obtaining NIS domainname from Bob Beck (Apr 18)
- Re: Replacement for NIS? (was Re: Obtaining NIS domainname from Gatorbox) Scott Barman (Apr 13)
- Re: Replacement for NIS? (was Re: Obtaining NIS domainname from Gatorbox) Terje Normann Marthinussen (Apr 13)
- Re: Replacement for NIS? (was Re: Obtaining NIS domainname from Gatorbox) der Mouse (Apr 14)
- Re: Replacement for NIS? (was Re: Obtaining NIS domainname from Gatorbox) der Mouse (Apr 14)
- Re: Replacement for NIS? (was Re: Obtaining NIS domainname from Gatorbox) der Mouse (Apr 14)
- Re: Replacement for NIS? (was Re: Obtaining NIS domainname from Gatorbox) Jim Thompson (Apr 16)
- Re: Replacement for NIS? (was Re: Obtaining NIS domainname from Gatorbox) Terje Normann Marthinussen (Apr 17)
- Re: Replacement for NIS? (was Re: Obtaining NIS domainname from Gatorbox) Ollivier Robert (Apr 18)