> [../bin/mail write to file as uid 0 bug...]

> As I remember the race condition, you don't have a problem if you don't
> allow the 'r' commands into your system. The race condition created a
> .rhosts file for accounts that had UID 0, but no existing .rhosts file.
> I can't find my copy of the exploit anymore to be certain. As well, you
> had to start on the system, so it wasn't that much of an external job
> anyway.

That's what the exploit script did. That doesn't mean that is all you are
limited to. You could just as easily write a .forward file that has
"|/tmp/prog" which then runs a program whenever the account is mailed to.
You can also write to .login or .cshrc files that don't exist (hmm..
remember those "delete any file on the filesystem bugs?"). There are
probably other files that are worth writing to that may not exist.

The mail hole shouldn't be left around just because you aren't running
r commands.

> Richard Bainter          Mundanely     |    System Analyst        - OMG/CSD
> Pug                      Generally     |    Applied Research Labs - U.Texas
>        pug@arlut.utexas.edu     |     pug@bga.com
> Note: The views may not reflect my employers, or even my own for that matter.
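
The reply's point, seen from the audit side, as an added example that is not part of the original thread: for every UID 0 account, review the dotfiles the post names and flag a .forward that pipes mail to a program. The function names, the `root` prefix argument and the sample passwd data are assumptions made for illustration.

```python
import os
import stat
import tempfile

# Dotfiles the post names as worth writing to when they do not already exist.
WATCHED = (".rhosts", ".forward", ".login", ".cshrc")

def uid0_homes(passwd_text):
    """Yield (user, home) for every passwd entry whose UID field is 0."""
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 7 and fields[2] == "0":
            yield fields[0], fields[5]

def audit(passwd_text, root="/", owner_uid=0):
    """Return sorted (user, path, reason) findings for UID 0 accounts."""
    findings = []
    for user, home in uid0_homes(passwd_text):
        for name in WATCHED:
            shown = os.path.join(home, name)
            real = os.path.join(root, shown.lstrip("/"))
            try:
                st = os.lstat(real)
            except OSError:
                continue  # absent: nothing to review
            if not stat.S_ISREG(st.st_mode):
                findings.append((user, shown, "not a regular file"))
                continue
            if st.st_uid != owner_uid:
                findings.append((user, shown, "unexpected owner"))
            if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append((user, shown, "group/world-writable"))
            if name == ".rhosts":
                findings.append((user, shown, ".rhosts present"))
            if name == ".forward":
                with open(real, errors="replace") as fh:
                    entries = [e.strip(' "\t\n') for l in fh for e in l.split(",")]
                if any(e.startswith("|") for e in entries):
                    findings.append((user, shown, "pipes mail to a program"))
    return sorted(findings)

def demo():
    """Run the audit over a constructed tree (sample data, not a real host)."""
    passwd = "root:x:0:0:root:/root:/bin/sh\nbob:x:1001:100::/home/bob:/bin/sh\n"
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "root"))
        fwd = os.path.join(root, "root", ".forward")
        with open(fwd, "w") as fh:
            fh.write('root, "|/tmp/prog"\n')
        os.chmod(fwd, 0o600)
        return audit(passwd, root, owner_uid=os.getuid())
```

On a live host this would be called as `audit(open("/etc/passwd").read())`; any finding on a file nobody remembers creating is worth tracing back to its creation time.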