Subject: Re: security/4555: /etc/daily can give misleading advice
To: None <gnats-bugs@NetBSD.ORG, netbsd-bugs@NetBSD.ORG>
From: Todd Vierling <tv@NetBSD.ORG>
Date: 11/26/1997 08:16:45
My take on this bug: Since '+' is the known NIS cookie, and the getpw*()
routines properly understand this and never pass it to a calling program,
and its 'password' is unusable in /etc/passwd (the V7 passwd file), I
believe this should be filtered from /etc/daily.
At best, /etc/daily should warn if user/group '+' exists and ypbind is not
I'd be glad to fix this before release if this sounds reasonable.
== Todd Vierling (Personal email@example.com; Business firstname.lastname@example.org)
== Vierling's Axiom: The revolution won't be televised; it will be posted.