Problem Description
There are two documented methods of restricting access to
NIS maps through ypserv(8): through the use of the
/var/yp/securenets file, and through the /etc/hosts.allow file.
While both mechanisms are implemented in the server, a change
in the build process caused the "securenets" access restrictions
to be inadvertantly disabled.
Impact
ypserv(8) will not load or process any of the networks or
hosts specified in the /var/yp/securenets file, rendering
those access controls ineffective.
Workaround
One possible workaround is to use /etc/hosts.allow for access
control, as shown by examples in that file.
Another workaround is to use a firewall (e.g., ipfw(4),
ipf(4), or pf(4)) to limit access to RPC functions from
untrusted systems or networks, but due to the complexities of
RPC, it might be difficult to create a set of firewall rules
which accomplish this without blocking all access to the
machine in question.