does anyone know about spoofing hesiod requests or replys or anything of that nature? Hesiod is supposed to only deal with non security sensitive data. Your user ID shell and home directory are determined by Hesiod... I would say at LEAST your uid should be concerned security sensitive. If you could spoof a reply for uid 0 I think you could take advantage of this. I could be simply ignorant to the use of Hesiod ... Definition of Hesiod: Hesiod, developed by MIT Project Athena, is an information service built upon BIND. Its intent is similar to that of Sun's NIS: to furnish information about users, groups, network-accessible file systems, printcaps, and mail service throughout an installation. Aside from its use of BIND rather than separate server code another important difference between Hesiod and NIS is that Hesiod is not intended to deal with passwords and authentication, but only with data that are not security sensitive. Hesiod servers can be implemented by adding resource records to BIND servers; or they can be implemented as separate servers separately administered. -KF
This archive was generated by hypermail 2b30 : Thu Jun 06 2002 - 10:51:12 PDT