[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: perl or libc6 bug?: getpwnam('root') in NIS environment

In article <cistron.ytt676yhlmy.fsf@gilgamesh.cse.ucsc.edu>,
Ben Gertzfield  <che@debian.org> wrote:
>    Miquel> You mean that it's not meaningful on a windows box. It's
>    Miquel> useless for NIS aas well - it's too slow. I've tried to
>    Miquel> use ident for NIS security - slow, as I said.
>Just curious, but how do you then determine the user that's accessing
>the maps?

Well it turns out that Sun RPC (which basically is also used by Linux libc)
always tries to bind to a priviliged port before sending any RPC packet.
That means that all RPC requests will originate from a reserved port if
a root process did the request and from a non-reserved port if joe user
did the request ...

Still this is only safe if you can trust the remote host. Never configure
NIS access for an entire subnet if there are Macs, PCs or user-owned/adminned
Linux boxes on it.

Indifference will certainly be the downfall of mankind, but who cares?

Reply to: