[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ypserv core dump




On Mon, 6 Sep 1999, Jason Downs wrote:

> Hi,
> 
> Most of us on misc@openbsd.org really don't appreciate receiving core files
> in our mail boxes.  All they do is waste an incredible amount of bandwidth.
Sorry for that. I just didn't realize that a gzipped a file will affect
your bandwidth that much.  Even when we download a webpage, it is normally
bigger than that.
 
> 
> Also, I guess you didn't realize that ypserv would, as a matter of course,
> have portions of the maps it was serving in it's memory.  And now those
> map portions, including many of your own encrypted passwords and usernames,
> are sitting in many hundred of people's email boxes, just waiting for the
> mildly curious to run strings(1) on the core file that you've so kindly
> mailed to them.
> 
> I certainly hope none of your machines are directly connected to the
> Internet.
Ohm... I didn't know ypserv contains the password information. Thank
you for telling me that. But none of my machines are directly connected to
the Internet. If anyone can break in, that mean OpenBSD is not secure
enough, since I'm using OpenBSD as the firewall. :-)

Besides the complains about bandwidth, and kindly warnings about security,
can anyone give me any useful suggestion for this core dump?

thanks,

Cindy Ding