Re: rpc.ypupdated

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: mulligan@future.incog.com: "Re: ufsrestore suid root not a security hole"
• Previous message: Marcelo Maia Sobral: "rpc.ypupdated"
• In reply to: Marcelo Maia Sobral: "rpc.ypupdated"
• Next in thread: Martin Hamilton: "Re: rpc.ypupdated"

>   I've fixed the SunOS 4.1.3 ypupdated bug (I think). Using tcp_wrapper tcpd
>to call rpc.ypupdated by inetd, and restricting access for local domain machines,
>has blocked this security gap. Here follows the steps:
>...
>  3) Create the file /etc/hosts.deny with the entry:
>
>    rpc.ypupdated : ALL : (/usr/ucb/finger -l @%h | /usr/ucb/mail -s %d-%h root) &

Er... what if the remote site's fingerd returns output which uses UCB mail's
~-escapes to run commands, or amend the headers and mail "interesting" files
somewhere? [I don't think I'll stick my neck out in this forum and risk
any suggestions about better ways to send the mail! :-)]

                                John Line
--
John Line - Cambridge University Computing Service, Computer Laboratory,
            New Museums Site, Pembroke Street, Cambridge CB2 3QG, England.
Internet: jml4@cus.cam.ac.uk  JANET: jml4@uk.ac.cam.cus  Phone: +44 1223 334708

• Next message: mulligan@future.incog.com: "Re: ufsrestore suid root not a security hole"
• Previous message: Marcelo Maia Sobral: "rpc.ypupdated"
• In reply to: Marcelo Maia Sobral: "rpc.ypupdated"
• Next in thread: Martin Hamilton: "Re: rpc.ypupdated"