Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Replacement for NIS? (was Re: Obtaining NIS domainname from
From: J.S.Peatfield () damtp cam ac uk (Jon Peatfield)
Date: Sat, 15 Apr 1995 16:35:13 +0100


One's own domainname, nothing.  But someone else knowing your
domainname gives that someone a significant edge when it comes to
breaking in to your machines.

Given the more recent versions of ypserv I don't see any major security 
problems left with YP.  i.e the patches which Sun (at least, and maybe HP if 
you believe their docs) produced which tells a ypserv and portmapper which 
machines they should talk to.

Back before these patches one could extract yp maps from a random domain using 
ypxfer, or hand written code but this no longer works with the newer code.

If there are other security hole left please enlighten me.

Is there a "better" NIS [...]

I'd be interested in hearing about any such.  I'm almost ready to try
my hand at writing one myself, but so far the perceived need has not
yet been sufficient to make me allocate the time.

A good starting point might be the 386/BSD, Linux YP implementation.  Since 
the source is available you can add whatever security measures you like to it. 
 I'm not sure if their ypserv/ypbind are drop-in replacements for the ONC 
versions, (e.g. if the file formatt etc are the same), but it shouldn't be too 
hard to check.

  -- Jon Peatfield  (DAMTP, unix network admin)



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]