> > I see allowing 'r' commands into your installation as a Bad Thing anyway. > I agree that removing the .rhosts ability is a good idea, but it would be > just as easy for an intruder to use the race condition to overwrite the > password file with their own root account unless this particular bug > doesnt allow overwriting files. When I tested the program, it did not allow the overwritting of any existing file. I have to admit that I never tried to append to a file though. > Or they could create a .forward file > to gain the root's permissions. I am sure there are other methods > to subvert the machine, if allowed to write root owned files. That is something else we have disabled. Yes, it makes things like procmail and the like annoying, but better safe than sorry. Ciao, -- Richard Bainter Mundanely | System Analyst - OMG/CSD Pug Generally | Applied Research Labs - U.Texas pug@arlut.utexas.edu | pug@bga.com Note: The views may not reflect my employers, or even my own for that matter.