>This bug occurs on several systems, such as DEC OSF/1 V3.0 and Concentrix 2.1. >I have tried Solaris 2.3 and SunOS 4.1 which both appear to be safe from this >at first glance. (We haven't got a newer SunOS 4.x unfortunately! So I've done >no tests on 4.1.3U1.) I expect most other systems are safe too. While Solaris 2.3 may be immune to this from rlogin, I have had reports that some people have been logging in, and then relogging in with "exec login joeuser -hhostname" to obscure where they are logged in from. This is usually traceable, but could conceivably cause problems too if you rely on knowing where someone is logged in from to build a case against them for cracking activity. And if my sentence was unclear, this *is* under Solaris 2.3.