SUMMARY: NIS+ tables permissions (with followup)

From: Jean-Christophe Touvet (jct@edelweb.fr)
Date: Wed May 29 1996 - 07:48:55 CDT


 The original question was:

> Date: Tue, 21 May 1996 19:23:15 +0200
> From: Jean-Christophe Touvet <touvet@champagne.edelweb.fr>
> To: sun-managers@ra.mcs.anl.gov
>
> Dear Managers,
>
> most of you are certainly aware of yesterday's AUSCERT Advisory concerning a
> NIS+ configuration vulnerability. Anyway, I have included below a copy of this
> message.
>
> My problem is that even having done suggested nischmod commands (and verified
> that niscat -o returns the expected output), it seems that any user on any
> machine of our net can still change its uid to any value, including 0 :-(
> Our NIS+ server runs Solaris 2.5 with no patch.
>
> I'm also concerned with permissions on other tables, mainly group.org_dir,
> which aren't addressed by this advisory, but which could certainly permit
> users to gain privileges in a similar way.
>
> Any NIS+ guru could tell me how I can set secure permissions on my NIS+
> tables ?

 Many thanks to the following NIS+ Managers:

        wib@cs.uni-kiel.de (Willi Burmeister)
        Francis Liu <fxl@pulse.itd.uts.edu.au>
        miked@fujitsu.com.au (Mike Daffey)

 The answer was to check individual entry permissions. In fact, some users had
`----rmcdr---r---' access rights on their own entry, which let them change
their uid. After further investigations, I discovered that Solstice User
Manager is guilty. When we use this tool to create a new user, its access
rights are set incorrectly.

 So, my new question is obvious: how could I tell Solstice to create NIS+
users with correct permissions, without having to run a nischmod command by
hand ?

 TIA,

    -JCT-
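
The per-entry check described above, as an added example that is not part of the original message: it decodes 16-character NIS+ access-rights strings (four classes: nobody, owner, group, world; four rights each: read, modify, create, destroy) and reports entries where a class outside the administrative group can write. The entry names, the sample strings and the policy that only the group class may hold write rights are assumptions made for illustration.

```python
# Added example: audit NIS+ entry access rights such as `----rmcdr---r---'.
# Input is assumed to be rights strings already collected per entry
# (for instance from niscat -o output); nothing here talks to NIS+.

CLASSES = ("nobody", "owner", "group", "world")
RIGHTS = "rmcd"  # read, modify, create, destroy, in fixed positions


def parse_rights(text):
    """Return {class: set of granted rights} for a 16-character rights string."""
    if len(text) != len(CLASSES) * len(RIGHTS):
        raise ValueError("expected 16 characters, got %d" % len(text))
    parsed = {}
    for index, cls in enumerate(CLASSES):
        chunk = text[index * 4:index * 4 + 4]
        granted = set()
        for pos, char in enumerate(chunk):
            if char == RIGHTS[pos]:
                granted.add(char)
            elif char != "-":
                raise ValueError("bad character %r in %s field" % (char, cls))
        parsed[cls] = granted
    return parsed


def risky_classes(text, trusted=("group",)):
    """Classes outside `trusted` that hold modify, create or destroy."""
    parsed = parse_rights(text)
    return [c for c in CLASSES if c not in trusted and parsed[c] & set("mcd")]


def audit(entries, trusted=("group",)):
    """Map entry name -> risky classes, listing only entries with a finding."""
    findings = {}
    for name, text in entries.items():
        risky = risky_classes(text, trusted)
        if risky:
            findings[name] = risky
    return findings


# Constructed sample data; only the first string appears in the message above.
SAMPLE_ENTRIES = {
    "alice": "----rmcdr---r---",
    "bob": "----r---rmcdr---",
    "carol": "r---r---r---r---",
}

if __name__ == "__main__":
    for name, classes in audit(SAMPLE_ENTRIES).items():
        print("%s: write access held by %s" % (name, ", ".join(classes)))
```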


