From proff@suburbia.net  Mon Dec  2 10:36:50 1996
Received: from suburbia.net (suburbia.net [203.4.184.1])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id KAA04314
          for <FreeBSD-gnats-submit@freebsd.org>; Mon, 2 Dec 1996 10:36:32 -0800 (PST)
Received: (from proff@localhost)
          by suburbia.net (8.8.3/8.8.2) id FAA00714;
          Tue, 3 Dec 1996 05:36:02 +1100 (EST)
Message-Id: <199612021836.FAA00714@suburbia.net>
Date: Tue, 3 Dec 1996 05:36:02 +1100 (EST)
From: Julian Assange <proff@suburbia.net>
Reply-To: proff@suburbia.net
To: FreeBSD-gnats-submit@freebsd.org
Subject: <Synopsis of the problem (one line)> It is not possible to compile libc (et al) without -DYP
X-Send-Pr-Version: 3.2

>Number:         2135
>Category:       bin
>Synopsis:       It is not possible to compile libc (et al) without -DYP
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Dec  2 10:40:01 PST 1996
>Closed-Date:    Sun Feb 9 16:10:25 PST 1997
>Last-Modified:  Sun Feb  9 16:11:35 PST 1997
>Originator:     Julian Assange
>Release:        FreeBSD 3.0-CURRENT i386
>Organization:
>Environment:

	

>Description:

For security and other reasons, it can be despireable to compile gethost* etc without
YP enabled. Currently this breaks the make in a number of places

	

>How-To-Repeat:

	

>Fix:
	
	

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: gnats-admin->freebsd-bugs 
Responsible-Changed-By: gpalmer 
Responsible-Changed-When: Mon Dec 2 10:47:53 PST 1996 
Responsible-Changed-Why:  
[A 
Got misfiled 
State-Changed-From-To: open->analyzed 
State-Changed-By: wpaul 
State-Changed-When: Mon Dec 2 11:14:35 PST 1996 
State-Changed-Why:  

I'll look into this, though if you could point out exactly where the build 
of libc fails without -DYP, it would help. 

Also, I have a question: FreeBSD uses only DNS and /etc/hosts for  
gethostby*() by default (the /etc/host.conf that comes with the OS 
only specifies 'hosts' and 'bind'; 'nis' is commented out). This 
means that the host lookup functions don't use YP in the first place. 
The only way to change this is if root edits /etc/host.conf. What 
extra security are you hoping to gain by compiling libc without YP 
support? The only way to enable YP now is to break root, and if an 
attacker does that then you're already in trouble anyway. 

-Bill 
State-Changed-From-To: analyzed->closed 
State-Changed-By: mpp 
State-Changed-When: Sun Feb 9 16:10:25 PST 1997 
State-Changed-Why:  
I've been able to compile a few day old -current 
libc without YP with no problems. 
>Unformatted:
