Re: nis & shadow
Yes, it is getting quite silly. By the way my root password is "root". Part of my point
was indeed that no system is secure. My main point however was simply that one shouldn't
advise (or imply) that a given practice is secure (and we agree that nothing is) without
disclosing the primary vulnerabilities. In this particular instance, the claim was that
"the password field in an NIS lookup will be garbled if the user isn't root" and I simply
pointed out that this was crap. I speculated that ident was being used and I was wrong
about that, it relies on it being "a privileged port". Fine, that doesn't invalidate my
original point.
Miquel van Smoorenburg wrote:
> In article <[🔎] 34ED97F3.C28045C6@bdsinc.com>,
> Jens B. Jorgensen <jjorgens@bdsinc.com> wrote:
> >Oh, pardon me. That really is safe then. NOT! If I can plug into your ethernet, I can
> >have your NIS maps.
>
> This is getting silly. Even if you install $100,000 worth of crypto
> devices I can still come in, hold a gun to your head and get a root
> prompt. So no system is secure. Why not mail me your root password
> right away.
--
Jens B. Jorgensen
jjorgens@bdsinc.com
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: