[7264] in bugtraq
Re: Forwared to me
daemon@ATHENA.MIT.EDU (Jason Downs)
Tue Jul 14 16:33:05 1998
Date: Mon, 13 Jul 1998 14:03:05 -0700
Reply-To: Jason Downs <downsj@DOWNSJ.COM>
From: Jason Downs <downsj@DOWNSJ.COM>
X-To: "Michael H. Warfield" <mhw@ALCOVE.WITTSEND.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: Message from "Michael H. Warfield" <mhw@ALCOVE.WITTSEND.COM> of
"Mon, 13 Jul 1998 11:46:04 EDT."
<199807131546.LAA03184@alcove.wittsend.com>
In message <199807131546.LAA03184@alcove.wittsend.com>,
"Michael H. Warfield" writes:
> My contacts at Sun were concerned that I was revealing too much
>information in this advisory (the complete text of which is attached below).
>My concern was that I was revealing too little and would fail to convey
>the magnitude of the problem or run into people who would be unable to
>reproduce the problem and discount it. That appears to be the case here
>so I will provide a few more hints and guidance to help reproduce this.
>(Gee I feel like that faint voice in the game "Adventure" that asks you
>if you would like a hint. :-) )
Of course, everyone could simply pay more attention and they wouldn't be
as surprised by 'little things' like finger taking out their systems.
revision 1.4
date: 1996/12/08 13:29:19; author: downsj; state: Exp; lines: +14 -6
Disable matching by default if a domainname is set, adding -M to reenable it.
Over a year and a half ago I fixed this in OpenBSD.
Granted, matching is still enabled if a YP domainname is not set. When you
have tens of thousands of users in the local password file, it can still cause
problems. (But at that point, you have a few dozen other things slowing
down as well.)
--
Jason Downs (360) 694-3110
downsj@downsj.com
Sending unsolicited commercial email to this address may be a violation of
the Washington State Consumer Protection Act, chapter 19.86 RCW.
