K 10
svn:author
V 5
wpaul
K 8
svn:date
V 27
1996-07-13T20:23:13.000000Z
K 7
svn:log
V 686
In _yp_dobind(), if we find ourselves required to contact the local ypbind
directly in order to obtain binding information, check that the local
ypbind is using a reserved port and return YPERR_YPBIND if it isn't.
We should not trust any ypbind running on a port >= IPPORT_RESERVED;
it may have been started by a malicious user hoping to trick us into
talking to a bogus ypserv.

Note that we do not check the ypserv port returned to us from ypbind.
It is assumed that ypbind has already done a reserved port test (or not,
depending on whether or not it was started with -s); if we trust the
authenticity of the local ypbind, we should also trust its judgement.

Obtained from: OpenBSD

END