Date: Fri, 12 May 2000 11:31:47 -0600
From: Warner Losh <imp@village.org>
To: Nick Sayer <nsayer@quack.kfu.com>
Cc: hackers@FreeBSD.ORG
Subject: Re: rexec as root
Message-ID: <200005121731.LAA12588@harmony.village.org>
In-Reply-To: Your message of "Fri, 12 May 2000 07:18:29 PDT." <391C12B5.E5A2DCD3@quack.kfu.com>
References: <391C12B5.E5A2DCD3@quack.kfu.com>

In message <391C12B5.E5A2DCD3@quack.kfu.com> Nick Sayer writes:
: I put it to everyone that the first and third checks are equivalent and
: redundant.

They are not redundant. They provide a little (although not much)
extra security for those sites that have had a root account added by
intruders which the admin knows nothing of. In the absence of this
test, machines in a yp network would be extremely vulnerable to root
uid penetration when an intruder can hack the yp database, or spoof
replies.

OK, so that's a weak wall for a weak protocol, but I'm pretty sure why
the extra check for uid 0 is in there.

Warner

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
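
Added example, not part of the original message and not rexecd's own code: the thread does not spell out the checks, so this assumes one check is a name-based deny list and the other a test on the resolved uid. The passwd entries, the "maint" account and the deny list are constructed; the sketch shows why a second uid 0 account passes the name check but not the uid check.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed passwd(5)-style entries, as a local file or a YP map might
 * return them. "maint" is a hypothetical uid 0 account unknown to the admin. */
static const char *db[] = {
    "root:*:0:0:Charlie &:/root:/bin/csh",
    "maint:*:0:0:Maintenance:/tmp:/bin/sh",
    "nick:*:1001:1001:Nick:/home/nick:/bin/sh",
};
static const char *denied[] = { "root", "toor" }; /* assumed deny list */
#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

/* Resolve a name to its uid; returns 0 on success, -1 if absent or malformed. */
int lookup_uid(const char *name, long *uid) {
    size_t n = strlen(name);
    for (size_t i = 0; i < COUNT(db); i++) {
        if (strncmp(db[i], name, n) != 0 || db[i][n] != ':')
            continue;
        const char *p = strchr(db[i] + n + 1, ':'); /* skip password field */
        char *end;
        if (p == NULL)
            return -1;
        *uid = strtol(p + 1, &end, 10);
        return (end != p + 1 && *end == ':') ? 0 : -1;
    }
    return -1;
}

/* Name check: refuse only names on the deny list. */
int allowed_by_name(const char *name) {
    for (size_t i = 0; i < COUNT(denied); i++)
        if (strcmp(name, denied[i]) == 0)
            return 0;
    return 1;
}

/* Uid check: refuse unknown users and anything that resolves to uid 0. */
int allowed_by_uid(const char *name) {
    long uid;
    return lookup_uid(name, &uid) == 0 && uid != 0;
}

int main(void) {
    const char *who[] = { "root", "maint", "nick" };
    for (size_t i = 0; i < COUNT(who); i++)
        printf("%-6s name-check=%d uid-check=%d\n", who[i],
               allowed_by_name(who[i]), allowed_by_uid(who[i]));
    return 0;
}
```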