> > In message <199501181524.KAA24318@ussenterprise.async.vt.edu>, Leo Bicknell wri > tes: > > Ok, I'll point out a few things. "#" is not a valid charactor > >in a host name, and a good bind server will not return it. I was > >unable to get my bind server to return a hostname with a # in it, > >so even if someone hacked the bind server for your site it wouldn't > >matter. > > I don't know of any BIND server which won't let you put in a "#" in > a host name. I've done quite a bit of checking of DNS, and I've found > quite arbitrary characters in people's DNS data. You can argue > to the contrary, but that's beyond the scope of this list. > > > Another thing not considered, is that by default under Ultrix > >all the network tty's are _unsecure_ meaning root cannot log in on > >them no matter what .rhosts says. Unless you have changed this it > >is absolutely not possible for this to be a problem. > > You mean except for "rsh ultrixhost rm -rf /" > > Remember, with /.rhosts, having unsecure ttys has no effect. > > --Dave > Or instead of rm -rf /, how about using sed to change those ttys to secure to allow you a normal login? -- Doug Siebert dsiebert@isca.uiowa.edu