flur@duke.gatech.edu (Peter W. Flur) (04/03/90)
I have seen this somewhere before, but I want to re-post it for those that have not seen it.

There is a bug in the NetInfo system that allows anyone to get root privileges easily if you are running yellow pages. If you put an entry in the password file as +:::::, there will be a user called "+" that has uid 0, or root, without a password. Try it. It is true.

However, there is one solution I have found that works. In the password file, place two entries, +:::::, first, to read the yellow pages, and a second entry, +:*::::, to remove the accessibility to the + account. After niloading the password file, the second + account overrides the first for passwords.

There is a problem with this as well. If you then nidump the password file, only the +:*:::: entry will appear. So if you dump it and then re-load it, the yellow pages will not be read. Users only in the yellow pages will then have no account on the machine. Be sure to always add the first +::::: account back in.

If there are any other work-arounds, I'd love to hear about them.

Peter

----------------------------Peter Flur----------------------------
USMAIL: Box 32500 Georgia Tech, School of Electrical Engineering, Atlanta, GA 30332
USENET: ...!{allegra,hplabs,ihnp4,ulysses}!gatech!duke!flur
INTERNET: flur@duke.gatech.edu, gt2500a@prism.gatech.edu
PHONE: (404) 853-9355
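
The three states this post describes (open "+" account, workaround in place, yellow pages entry lost after a dump and re-load) can be checked for in passwd-format text before it is loaded or after it is dumped. The following is an added example, not part of the original post: the function names and sample data are constructed, and the rule that the last "+" entry decides the password is the behaviour the post reports, assumed here rather than verified against NetInfo.

```python
# Added example: audit passwd-format text for the "+" entries the post describes.

def plus_entries(passwd_text):
    """Return the password field of every entry whose name is exactly '+'."""
    found = []
    for line in passwd_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if fields[0] == "+":
            found.append(fields[1] if len(fields) > 1 else "")
    return found

def audit(passwd_text):
    """Classify the file into one of the states described in the post."""
    pw = plus_entries(passwd_text)
    if not pw:
        return "no-plus-entry"        # yellow pages not referenced at all
    if pw[-1] == "":
        # Assumption from the post: the later "+" entry wins for passwords,
        # so an empty field on the last one leaves "+" open with no password.
        return "open-plus-account"
    if "" not in pw:
        # Only locked entries remain (what the post says a dump produces);
        # re-loading this would stop yellow pages users from being read.
        return "yp-entry-missing"
    return "ok"                       # open entry first, locked entry after it

if __name__ == "__main__":
    # Constructed sample files, one per state.
    samples = {
        "fresh install": "root:*:0:0::/:/bin/sh\n+:::::\n",
        "workaround":    "root:*:0:0::/:/bin/sh\n+:::::\n+:*::::\n",
        "after dump":    "root:*:0:0::/:/bin/sh\n+:*::::\n",
    }
    for name, text in samples.items():
        print(f"{name}: {audit(text)}")
```
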