Hello! Thanks for the report and the patch. One thing I'm curious about; isn't it possible for a local user to just use "ypcat passwd.adjunct.byname" to see the encrypted passwords? Regardless, I would be curious to see if upstream glibc would be willing to use your patch. Have you opened a bug with glibc? http://sourceware.org/bugzilla/
Also, IIUC, this is not a "private" security issue, in that NIS leaking encrypted passwords is a fairly well understood limitation. Should this bug be made public to get more people looking at it?
Hello! Thanks for the report and the patch. One thing I'm curious about; isn't it possible for a local user to just use "ypcat passwd. adjunct. byname" to see the encrypted passwords? Regardless, I would be curious to see if upstream glibc would be willing to use your patch. Have you opened a bug with glibc? http:// sourceware. org/bugzilla/
Also, IIUC, this is not a "private" security issue, in that NIS leaking encrypted passwords is a fairly well understood limitation. Should this bug be made public to get more people looking at it?