DNS & YP...
Sam Fulcomer
sgf at cfm.brown.edu
Fri Mar 16 05:09:22 AEST 1990
One of the problems, ahh... projects I'm working on now is ripping the
guts out of the YP code to make it work properly. Not only is it one of
the ugliest lumbering warthog pieces of code I've ever seen, it's a
heinous security hole in any domain that runs ypserv on a machine that's
accessible over the net.
ypserv happily hands out passwd files to anyone who asks for them. No
programming hacks are required. If you run ypserv, make sure that the
ypserver machine has no default route set (and don't run it on your
gateway). I would think that well-known machines like sun.com would know
better...
sgf at cfm.brown.edu
"I solemnly swear not to divulge trade secrets that I didn't ever not know."
More information about the Comp.sys.sun
mailing list