[514] in linux-security and linux-alert archive
ypupdated hole
daemon@ATHENA.MIT.EDU (Olaf Kirch)
Tue Dec 12 05:23:11 1995
From: okir@monad.swb.de (Olaf Kirch)
To: linux-security@tarsier.cv.nrao.edu
Date: Thu, 7 Dec 1995 00:00:13 +0100 (MET)
Greg Spigelberg wrote:
> Whether or not a keyserv exists for Linux I still wouldn't discount
> this hole because Linux still runs many ports of the BSD servers.
Linux doesn't have a working set of `secure' RPC tools yet, fortunately.
I ported most of the stuff from RPCSRC-4.00 once, and even wrote a small
ypupdated replacement. Anyone interested in taking this any further
please contact me.
However, just installing the tools won't do you any good if you don't
require all other sensitive RPC tools to use DES authentication, too,
especially NFS. And that means changing the kernel code.
Olaf
