:From: Pug <pug@arlut.utexas.edu> :As I remember the race condition, you don't have a problem if you don't :allow the 'r' commands into your system. The race condition created a :.rhosts file for accounts that had UID 0, but no existing .rhosts file. :I can't find my copy of the exploit anymore to be certain. As well, you :had to start on the system, so it wasn't that much of an external job :anyway. : :I see allowing 'r' commands into your installation as a Bad Thing anyway. The "r" commands are the most heterogeneous way of providing 8-bit connectivity to a system. If you disallow the "r" commands, you may find that you have grief with terminal server products and some of the alternative protocols that are less battle-worn (look at the headaches that the stock BSD 4.4 telnet/telnetd has given people with option negotiation). While it's nice in theory, it could be bad in practice. -- Mike O'Connor, mjo@msen.com http://www.msen.com/~mjo/ "What's this stuff? I'm not gonna eat it!" -Calvin