>: I've just checked DEC OSF/1 V2.0. This seems to be partially ok. The -froot >: method won't work (I get complaints about -r, -o, and -t being unknown options >: which implies its -f option doesn't take an argument). However the -h trick is >: still available (but is obviously less severe). > >I'm not sure it is less severe. Can't it be used for host spoofing >when using rlogin - just set up a user of the appropriate name on your >own host and rlogin -l -htrusted.host ??? (I haven't been able to test >this yet because I don't have any untrusted hosts handy that can get >through the log_tcp blocking!) i believe it is only able to fool utmp/wtmp type things. using the ``-l -htrusted.host'' hack trashes the -remote- username you would normally pass. i may be wrong.