|
Bugtraq
mailing list archives
Re: Forwared to me
From: downsj () DOWNSJ COM (Jason Downs)
Date: Mon, 13 Jul 1998 14:03:05 -0700
In message <199807131546.LAA03184 () alcove wittsend com>,
"Michael H. Warfield" writes:
My contacts at Sun were concerned that I was revealing too much
information in this advisory (the complete text of which is attached below).
My concern was that I was revealing too little and would fail to convey
the magnitude of the problem or run into people who would be unable to
reproduce the problem and discount it. That appears to be the case here
so I will provide a few more hints and guidance to help reproduce this.
(Gee I feel like that faint voice in the game "Adventure" that asks you
if you would like a hint. :-) )
Of course, everyone could simply pay more attention and they wouldn't be
as surprised by 'little things' like finger taking out their systems.
revision 1.4
date: 1996/12/08 13:29:19; author: downsj; state: Exp; lines: +14 -6
Disable matching by default if a domainname is set, adding -M to reenable it.
Over a year and a half ago I fixed this in OpenBSD.
Granted, matching is still enabled if a YP domainname is not set. When you
have tens of thousands of users in the local password file, it can still cause
problems. (But at that point, you have a few dozen other things slowing
down as well.)
--
Jason Downs (360) 694-3110
downsj () downsj com
Sending unsolicited commercial email to this address may be a violation of
the Washington State Consumer Protection Act, chapter 19.86 RCW.
 By Date 
By Thread
Current thread:
Re: ncurses 4.1 security bug Casper Dik (Jul 09)
Re: ncurses 4.1 security bug Matt Evans (Jul 09)
| 
Intro
