> >>>>> On Thu, 29 Sep 1994 07:04:44 -0600 (CDT), Pug <pug@arlut.utexas.edu> said: > >> This was a new > >> install, and it lasted about 4 days. One person heard thru the cracker > >> grapvine that root was broken thru /bin/mail. > P> Did you happen to install the following, in particular 101436-02? > P> Solaris 1.1.1 Patches Containing Security Fixes: > P> ------------------------------------------------ > P> 101436-02 SunOS 4.1.3_U1: bin/mail jumbo patch > This is the patch which made the race condition *easier* to exploit > than it was in the unpatched version. As I remember the race condition, you don't have a problem if you don't allow the 'r' commands into your system. The race condition created a .rhosts file for accounts that had UID 0, but no existing .rhosts file. I can't find my copy of the exploit anymore to be certain. As well, you had to start on the system, so it wasn't that much of an external job anyway. I see allowing 'r' commands into your installation as a Bad Thing anyway. Ciao, -- Richard Bainter Mundanely | System Analyst - OMG/CSD Pug Generally | Applied Research Labs - U.Texas pug@arlut.utexas.edu | pug@bga.com Note: The views may not reflect my employers, or even my own for that matter.