Bugtraq mailing list archives
Re: Replacement for NIS? (was Re: Obtaining NIS domainname from Gatorbox)
From: benji () haven boston ma us (Benjamin Cline)
Date: Sat, 15 Apr 1995 11:20:07 -0400 (EDT)
According to Dale Babiy:
On Wed, 12 Apr 1995, der Mouse wrote:Is there a "better" NIS [...]I'd be interested in hearing about any such. I'm almost ready to try my hand at writing one myself, but so far the perceived need has not yet been sufficient to make me allocate the time.We're running NeXTStep here, do you, or anyone else for that matter, know of any security holes concerning the NetInfo NIS(type) system that deals with our local information sharing? So far we've been lucky, I'd like to stop being lucky and start being resonably intelligent.
I don't know of any gaping, obvious holes in NetInfo, although I have yet to really sit down and try to find any (which is on my list of things to get to, some day). You should enable the "Limit information to local network" option (see the on-line sys-admin docs for information on just how to do this (I don't remember off the top of my head :-)). Also, because NetInfo is rpc based, you would be well advised to protect your network with a filtering bridge or router. As is typical for rpc based services, NetInfo doesn't use any fixed port, so I very muchs suggest a filtering strategy of blocking everything except that which is expressly permitted. And while I'm at it, I believe NeXT's portmap suffers from the bug that it will allow complete NFS access for any packets claiming to be from the loopback address (once again, this is something I need to test and verify). benji -- Benjamin R. Cline Large Furry Mammal benji () haven boston ma us Never set sail with two opinions, always take one or three. Government should be like bamboo: strong, light, flexible
Current thread:
- Replacement for NIS? (was Re: Obtaining NIS domainname from Gatorbox) Scott Barman (Apr 12)
- <Possible follow-ups>
- Re: Replacement for NIS? (was Re: Obtaining NIS domainname from Gatorbox) der Mouse (Apr 12)
- Re: Replacement for NIS? (was Re: Obtaining NIS domainname from Gatorbox) Timothy Newsham (Apr 13)
- Re: Replacement for NIS? (was Re: Obtaining NIS domainname from Gatorbox) Dale Babiy (Apr 13)
- Re: Replacement for NIS? (was Re: Obtaining NIS domainname from Gatorbox) Benjamin Cline (Apr 15)
- Obtaining NIS domainname from Gatorbox Dennis Glatting (Apr 15)
- Re: Replacement for NIS? (was Re: Obtaining NIS domainname from Jon Peatfield (Apr 15)
- Re: Replacement for NIS? (was Re: Obtaining NIS domainname from Andreas Siegert (Apr 17)
- Re: Replacement for NIS? (was Re: Obtaining NIS domainname from Bob Beck (Apr 18)
- Re: Replacement for NIS? (was Re: Obtaining NIS domainname from Gatorbox) Scott Barman (Apr 13)
- Re: Replacement for NIS? (was Re: Obtaining NIS domainname from Gatorbox) Terje Normann Marthinussen (Apr 13)
- Re: Replacement for NIS? (was Re: Obtaining NIS domainname from Gatorbox) der Mouse (Apr 14)
- Re: Replacement for NIS? (was Re: Obtaining NIS domainname from Gatorbox) der Mouse (Apr 14)
- Re: Replacement for NIS? (was Re: Obtaining NIS domainname from Gatorbox) der Mouse (Apr 14)
- Re: Replacement for NIS? (was Re: Obtaining NIS domainname from Gatorbox) Jim Thompson (Apr 16)