Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sdd.hp.com!spool2.mu.edu!uwm.edu!ux1.cso.uiuc.edu!mp.cs.niu.edu!rickert
From: rickert@mp.cs.niu.edu (Neil Rickert)
Newsgroups: comp.unix.internals
Subject: Re: NFS & security (was Re: Complex security mechanism is unsecure)
Message-ID: <1990Dec16.200454.31103@mp.cs.niu.edu>
Date: 16 Dec 90 20:04:54 GMT
References: <4627@pkmab.se> <4088@osc.COM> <RANG.90Dec16131137@nexus.cs.wisc.edu>
Organization: Northern Illinois University
Lines: 16

In article <RANG.90Dec16131137@nexus.cs.wisc.edu> rang@cs.wisc.edu (Anton Rang) writes:
>
>  Does Sun still install their OS distributions with directories owned
>by bin?  This one bit me once, before I realized how easy it was to
>spoof the YP "authentication" (netgroups stuff) which was being used
>to "restrict" (ha!) people from mounting our servers....  Sigh.

 Not only that, but they still install their distributions with a '+' in
/etc/hosts.equiv, leaving a security hole big enough to drive a truck
through.

-- 
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
  Neil W. Rickert, Computer Science               <rickert@cs.niu.edu>
  Northern Illinois Univ.
  DeKalb, IL 60115                                   +1-815-753-6940