Re: securityhole /proc/sys/kernel/domainname

Swen Thuemmler (swen@uni-paderborn.de)
Tue, 20 Feb 1996 10:56:03 +0100 (MET)


On 19 Feb 1996, Christoph Lameter wrote:

> Even with a secure NIS implementation a user on a host in the domain
> can simply do a
>
> ypcat passwd
>
> to get at the passwords. If the getdomainname() call would require root privileges
> then the ypcat would not be possible.

The user could also write a program:

    /* needs <pwd.h> */
    struct passwd *pw;

    setpwent();
    while (NULL != (pw = getpwent()))
        /* print entry */;
    endpwent();

I don't think you want to abandon getpwent(). Restricting getdomainname()
does not really help to make your system more secure, but you will get a
lot of problems. All the passwd routines need getdomainname() (or
yp_get_default_domain(), which in turn calls getdomainname),
gethostbyname() calls it (if there is a "nis" entry in /etc/host.conf),
etc. If you don't want others to read your passwd, you have to use
something different, not NIS (perhaps NIS+, but I'm not sure it works,
did not try). Alternatively, check your passwd regularly with crack and
force your users to choose strong passwords.

Greetings, Swen
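
Added example (not part of the original message): a small C audit that walks the same getpwent() loop and lists accounts whose password field holds a readable hash, or is empty, instead of a placeholder. The placeholder values ("x", "*", "!", "*LK*", "*NP*") and the names classify_pw_field() and audit_passwd_db() are assumptions of this example.

```c
#include <pwd.h>
#include <stdio.h>
#include <string.h>

enum pw_exposure { PW_PLACEHOLDER, PW_EMPTY, PW_HASH_EXPOSED };

/* Classify a pw_passwd field. Placeholders mean the hash is stored elsewhere
 * or the account is locked; anything else is treated as a hash that every
 * user able to call getpwent() can read (a "!" prefix does not hide it). */
enum pw_exposure classify_pw_field(const char *field)
{
    if (field == NULL || field[0] == '\0')
        return PW_EMPTY;                      /* no password set at all */
    if (!strcmp(field, "x") || !strcmp(field, "*LK*") || !strcmp(field, "*NP*"))
        return PW_PLACEHOLDER;
    if (strspn(field, "*!") == strlen(field)) /* only lock markers */
        return PW_PLACEHOLDER;
    return PW_HASH_EXPOSED;
}

/* Walk the passwd database as configured on this host (local files, NIS, ...)
 * and report account names only, never the hash. Returns the finding count. */
int audit_passwd_db(FILE *out)
{
    struct passwd *pw;
    int findings = 0;

    setpwent();
    while ((pw = getpwent()) != NULL) {
        enum pw_exposure e = classify_pw_field(pw->pw_passwd);
        if (e == PW_PLACEHOLDER)
            continue;
        findings++;
        fprintf(out, "%s: %s\n", pw->pw_name,
                e == PW_EMPTY ? "empty password field" : "hash readable by any user");
    }
    endpwent();
    return findings;
}

int main(void)
{
    int n = audit_passwd_db(stdout);
    printf("%d account(s) need attention\n", n);
    return n ? 1 : 0;
}
```

Run as an unprivileged user, it shows what any account on the host can see; the accounts it lists are the ones to prioritise for the regular crack runs suggested above.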