Path: utzoo!utgpu!jarvis.csri.toronto.edu!rutgers!apple!usc!sdsu!decwrl!sgi!vjs@rhyolite.wpd.sgi.com From: vjs@rhyolite.wpd.sgi.com (Vernon Schryver) Newsgroups: comp.protocols.tcp-ip Subject: Re: in re yp is insecure because it uses broadcast binding. Summary: yes, but yp is actively insecure Message-ID: <37439@sgi.SGI.COM> Date: 5 Jul 89 18:44:06 GMT References: <8907050408.AA20722@sparky.Eng.Sun.COM> Sender: daemon@sgi.SGI.COM Organization: Silicon Graphics, Inc., Mountain View, CA Lines: 35 In article <8907050408.AA20722@sparky.Eng.Sun.COM>, cpj@ENG.SUN.COM (Chuck Jerian) writes: > The use of broadcast binding in yp makes it no more or less secure than > ip in general.... > Scheme based on unecrypted addresses provide only the illusion of security. Agreed, but... An unknowing person can make a machine a YP server for the local domain. If the machine started with reasonable databases, it can be weeks or months before neighbors who happen to bind to the impostor start having problems, and then they tend to seem wierd and impossible. I've heard that you guys on the other side of the dump have often had the same problem. A similar problem occurs if two machines come up with the same IP address. However, in standard 4.xBSD, at least one of them will complain. We have found that having the complainer defend its address not only makes the other machine also complain, but can keep links up enough to fix the problem. It would be nice if ypserv could do something similar. Both of these are not security issues, except in the same very weak sense that memory protection makes an operating system "secure." It's more a matter of detecting and making difficult errors than of putting bad guys out of business. BTW, I miss-wrote about YP or DNS being incomplete solutions. I meant that either and/or both are incomplete and that ULTRIX and others have the right idea about letting you configure which of the 3 databases to consult in which order. I think that the issue should be decide not just by a file, but also be overridable with an environment variable, but that's a nit. Vernon Schryver Silicon Graphics vjs@sgi.com I hope mentioning ARP screaming make this sufficiently relevant.