> When ypserv doesn dns lookups on behalf of its clients with the -b h ack, > it is using libresolv, so this case also involves Sun's mucking. Ok, I've always been speaking about libc(shared or not) here, and at least two of you are now speaking about libresolv.a. Was I confused, or did someone change the subject? Yes, the gethostbyaddr() call in libresolv has the reverse lookup. No, its done in a different place inside ypserv. ypserv has its own, special version of the resolver library, and does: if (!found_addr) { /* weve been spoofed */ syslog(LOG_CRIT, "nres_gethostbyaddr: %s != %s", temp->name, inet_ntoa(temp->theaddr)); theans = NULL; temp->h_errno = HOST_NOT_FOUND; } in nres_dorecv(). Well, some folks (like us) have put DNS routines into the shared libc, so that everything not statically linked uses the DNS without needing NIS. But that's not the real point. The real point of this discussion is that Sun has chosen (rightly, in my opinion) to put the cross-check into the libraries, rather than the applications. Thus, Sun's rshd and rlogind *don't* do the check themselves. If you replace the resolver routines with ones that don't do the cross-check, you've opened up a great gaping security hole.