Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Replacement for NIS? (was Re: Obtaining NIS domainname from Gatorbox)
From: benji () haven boston ma us (Benjamin Cline)
Date: Sat, 15 Apr 1995 11:20:07 -0400 (EDT)

According to Dale Babiy:

On Wed, 12 Apr 1995, der Mouse wrote:

Is there a "better" NIS [...]

I'd be interested in hearing about any such.  I'm almost ready to try
my hand at writing one myself, but so far the perceived need has not
yet been sufficient to make me allocate the time.

We're running NeXTStep here, do you, or anyone else for that matter, know 
of any security holes concerning the NetInfo NIS(type) system that deals 
with our local information sharing?

So far we've been lucky, I'd like to stop being lucky and start being 
resonably intelligent.

I don't know of any gaping, obvious holes in NetInfo, although I have yet to 
really sit down and try to find any (which is on my list of things to get to,
some day). 

You should enable the "Limit information to local network" option (see the
on-line sys-admin docs for information on just how to do this (I don't remember
off the top of my head :-)). Also, because NetInfo is rpc based, you would be
well advised to protect your network with a filtering bridge or router. As is
typical for rpc based services, NetInfo doesn't use any fixed port, so I very
muchs suggest a filtering strategy of blocking everything except that which
is expressly permitted.

And while I'm at it, I believe NeXT's portmap suffers from the bug that it will
allow complete NFS access for any packets claiming to be from the loopback
address (once again, this is something I need to test and verify).


Benjamin R. Cline       Large Furry Mammal      benji () haven boston ma us
        Never set sail with two opinions, always take one or three.
         Government should be like bamboo: strong, light, flexible

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]