> I don't think anyone should rely on wtmp for any kind of security.
> What of rsh?

If you're going to be paranoid about security, you should blow away
anything that lets people in unauthenticated, like rsh. Quite aside
from that,

> It's easy enough to do a rsh <host> xterm -ut -display <foo> and avoid
> wtmp detection.

Or more simply, rsh <host> csh -fi, which I have used when for some
reason rlogin didn't work (e.g., out of ptys) and I needed a shell on the
machine to fix things.

> The -ut flag tells xterm to not make an entry in utmp and it never
> considers making a wtmp entry. I suppose because it never has
> permissions to.

xterm is capable of writing a wtmp entry on almost any system on which
it can write utmp entries. (The exceptions are those where (a) xterm
is not setuid-root, (b) utmp is world writable, and (c) wtmp isn't
world writable.)

> The rsh server would have to make the wtmp entry. Which is odd it
> doesn't because it does if invoke a shell with it. Hmmmm...

Given the current wtmp design, it shouldn't write a wtmp entry because
there's nothing to put in the ut_line field. One could invent
something, I suppose....

der Mouse
mouse@collatz.mcrcim.mcgill.edu
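
An added example, not part of the original message: because a session can exist with no utmp or wtmp record, a defender can compare a process snapshot against the login records instead of trusting the records alone. The record layout (Linux/glibc, 384 bytes), the function names and the sample data are assumptions constructed for illustration.

```python
import struct

# Assumed layout: Linux/glibc x86-64 utmp record (384 bytes), little-endian.
UTMP = struct.Struct("<h2xi32s4s32s256shhiii4i20x")
USER_PROCESS = 7  # ut_type of a live login session
SHELLS = {"sh", "csh", "tcsh", "bash", "ksh", "zsh"}

def pack_entry(pid, line, user, host, ts):
    """Build one constructed USER_PROCESS record for the sample data."""
    return UTMP.pack(USER_PROCESS, pid, line.encode(), b"", user.encode(),
                     host.encode(), 0, 0, 0, ts, 0, 0, 0, 0, 0)

def logged_lines(blob):
    """Return the tty names (ut_line) that have a live login record."""
    lines = set()
    for off in range(0, len(blob) - UTMP.size + 1, UTMP.size):
        rec = UTMP.unpack_from(blob, off)
        if rec[0] == USER_PROCESS:
            lines.add(rec[2].split(b"\0", 1)[0].decode())
    return lines

def unaccounted_shells(procs, blob):
    """Flag shells that the login records cannot explain.
    procs holds (pid, user, tty, comm) tuples; tty is None for a process
    with no terminal, the case where there is nothing to put in ut_line.
    """
    lines = logged_lines(blob)
    findings = []
    for pid, user, tty, comm in procs:
        if comm not in SHELLS:
            continue
        if tty is None:
            findings.append((pid, user, "shell without a tty"))
        elif tty not in lines:
            findings.append((pid, user, "tty has no utmp entry"))
    return findings

# Constructed sample data: one recorded login and two unrecorded shells.
SAMPLE_UTMP = pack_entry(101, "pts/0", "alice", "hostA", 700000000)
SAMPLE_PROCS = [
    (101, "alice", "pts/0", "csh"),  # normal login, recorded in utmp
    (202, "bob", None, "csh"),       # shell started with no terminal
    (303, "carol", "pts/1", "sh"),   # terminal that skipped its utmp entry
    (404, "root", None, "cron"),     # not a shell, ignored
]

if __name__ == "__main__":
    for finding in unaccounted_shells(SAMPLE_PROCS, SAMPLE_UTMP):
        print(finding)
```

A shell with no tty also appears for cron jobs and scripts, so these findings are leads to check, not proof of a login.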