In message <199501181524.KAA24318@ussenterprise.async.vt.edu>, Leo Bicknell wri tes: > Ok, I'll point out a few things. "#" is not a valid charactor >in a host name, and a good bind server will not return it. I was >unable to get my bind server to return a hostname with a # in it, >so even if someone hacked the bind server for your site it wouldn't >matter. I don't know of any BIND server which won't let you put in a "#" in a host name. I've done quite a bit of checking of DNS, and I've found quite arbitrary characters in people's DNS data. You can argue to the contrary, but that's beyond the scope of this list. > Another thing not considered, is that by default under Ultrix >all the network tty's are _unsecure_ meaning root cannot log in on >them no matter what .rhosts says. Unless you have changed this it >is absolutely not possible for this to be a problem. You mean except for "rsh ultrixhost rm -rf /" Remember, with /.rhosts, having unsecure ttys has no effect. --Dave