sgf@cfm.brown.edu (Sam Fulcomer) (03/16/90)
One of the problems, ahh... projects I'm working on now is ripping the guts out of the YP code to make it work properly. Not only is it one of the ugliest lumbering warthog pieces of code I've ever seen, it's a heinous security hole in any domain that runs ypserv on a machine that's accessible over the net. ypserv happily hands out passwd files to anyone who asks for them. No programming hacks are required. If you run ypserv, make sure that the ypserver machine has no default route set (and don't run it on your gateway). I would think that well-known machines like sun.com would know better...

sgf@cfm.brown.edu
"I solemnly swear not to divulge trade secrets that I didn't ever not know."
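The check the post above recommends (a machine running ypserv should have no default route), as an added example that is not part of the original thread. The function names and the sample `netstat -rn` and `rpcinfo -p` outputs are constructed for illustration; 100004 is the RPC program number registered for ypserv.

```shell
#!/bin/sh
# Added example, not from the thread. Sample outputs below are constructed
# (addresses are from the 192.0.2.0/24 documentation range).

# True if `netstat -rn` text on stdin contains a default route.
# BSD/SunOS print "default"; Linux prints destination 0.0.0.0.
has_default_route() {
    awk '$1 == "default" || $1 == "0.0.0.0" { found = 1 } END { exit !found }'
}

# True if `rpcinfo -p` text on stdin lists ypserv (RPC program 100004).
serves_yp() {
    awk '$1 == "100004" { found = 1 } END { exit !found }'
}

# audit_yp_host ROUTES RPCS: prints one verdict word for the host.
audit_yp_host() {
    if ! printf '%s\n' "$2" | serves_yp; then
        echo "no-ypserv"
    elif printf '%s\n' "$1" | has_default_route; then
        echo "ypserv-routable"      # the case the post warns about
    else
        echo "ypserv-local-only"
    fi
}

ROUTES_GATEWAY='Destination   Gateway      Flags  Refs  Use   Interface
127.0.0.1     127.0.0.1    UH     1     0     lo0
default       192.0.2.1    UG     3     812   le0
192.0.2.0     192.0.2.10   U      8     4410  le0'

ROUTES_ISOLATED='Destination   Gateway      Flags  Refs  Use   Interface
127.0.0.1     127.0.0.1    UH     1     0     lo0
192.0.2.0     192.0.2.10   U      8     4410  le0'

RPCS_YP='   program vers proto   port
    100000    2   udp    111  portmapper
    100004    2   udp    657  ypserv
    100004    2   tcp    660  ypserv
    100007    2   udp   1027  ypbind'

RPCS_NOYP='   program vers proto   port
    100000    2   udp    111  portmapper
    100007    2   udp   1027  ypbind'

echo "gateway-like host: $(audit_yp_host "$ROUTES_GATEWAY" "$RPCS_YP")"
echo "isolated server:   $(audit_yp_host "$ROUTES_ISOLATED" "$RPCS_YP")"
```

On a live host the two arguments would be the output of `netstat -rn` and `rpcinfo -p`. A `ypserv-local-only` verdict only means the server has no route back to hosts off its own networks; clients on directly attached networks can still query it.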
glenn@csri.toronto.edu (Glenn Mackintosh) (03/24/90)
sgf@cfm.brown.edu (Sam Fulcomer) writes:
>One of the problems, ahh... projects I'm working on now is ripping the
>guts out of the YP code to make it work properly. Not only is it one of
>the ugliest lumbering warthog pieces of code I've ever seen, it's a
>heinous security hole in any domain that runs ypserv o.

Some time ago, I wrote replacement YP routines for our sun environment here because SUN's was so slow. I have implemented all of the library routines (yp_match, etc.). It does not use the YP server client arrangement that SUN's YP does, they assume that the database files are in a publicly accessible place (either nfs mounted, track'ed, rdist'ed or some other method). It uses ndbm for some of the database accessing but for yp_first/next it opens the files and walks through them sequentially, this speeds some things up by about an order of magnitude (finger comes down from 15-20 seconds to about 2 seconds). There is a README file that explains the setup.

I don't really want to make this generally available yet since it has only been tried on one other site so far. They have had no problems with it so I guess it's time to look for a few beta test sites. It has been tested fairly thoroughly here. So if a handful of you out there are interested let me know and I can send you a shar of the code. I did not rewrite the header files or man pages since they are the same as Sun's so you will need to have them.

Glenn Mackintosh
Univ. of Toronto
CSNET/ARPA: glenn@eecg.{toronto.edu,utoronto.ca}
CDNNET: glenn@eecg.toronto.cdn
BITNET: glenn@eecg.utoronto.bitnet (may not work from all sites)
UUCP: uunet!utai!eecg!glenn