RE: Is it so easy to break into an NIS?

To: Debian Security <debian-security@lists.debian.org>
Subject: RE: Is it so easy to break into an NIS?
From: "Jones, Steven" <sjones08@eds.com>
Date: Wed, 19 Mar 2003 13:13:40 +1200
Message-id: <[🔎] 3CE8E66CCD5A9E44A31436D8774C89E901111E1E@nzlsm201.nz.eds.com>

yes

NIS+ is a bit better, but basically its in-adequate security wise. It should
not be considered for a new system/network IMHO.

regards

Steven

-----Original Message-----
From: Haim Ashkenazi [mailto:haim@consonet.com]
Sent: Wednesday, 19 March 2003 12:30 
To: Debian Security
Subject: OT: Is it so easy to break into an NIS?


Hi

A friend just asked me this question and I got curious. say I'm equipped
with a linux laptop and some knowledge, I can walk into a company that uses
NIS, find out the settings (NISDOMAIN, free ip address, etc...) and join
their domain. now I can login as root on my computer, su to any user and
see/change/delete his files. is it that easy?

of-course, administrators should protect their mounts with netgroups
permissions, and users should protect their important files with encryption,
but how many of these you see?

any ideas? suggestions?

Bye
-- 
Haim


-- 
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org

Reply to:

Prev by Date: Re: OT: Is it so easy to break into an NIS?
Next by Date: Re: ptrace vulnerability?
Previous by thread: Re: OT: Is it so easy to break into an NIS?
Next by thread: Re: Apache Virtual Hosts Chroot ?
Index(es):
- Date
- Thread