> From: Howie Kaye <howie@ivory.cc.columbia.edu> > To: bugtraq@crimelab.com, cert@cert.org, security-alert@sun.com > Cc: cu-usag@columbia.edu > Since SUNs come with a yppasswd program which is also suid'ed (and is > bit for bit identical to passwd -- chfn, chsh, ypchfn, ypchsh are all > links to passwd, but yppasswd is a separate copy.), it needs to be > updated also. This is true. I recommend doing what we at Panix have always done -- made yppasswd a hard link to passwd, just like all the other yp and ch junk. There does not seem to be a good reason to do otherwise, unless there were permissions considerations. -- John Hawkinson jhawk@panix.com