> SATAN on AIX has a similar problem. > AIX emits a permission denied that the simple test (test -s) doesn't catch > > > The bourne shell script 'rsh.satan' falsely reports a vulnerability on > > hosts that are running DEC VMS 6.1 This is because the OS sends the > > following message to standard output: > > > > UCX$RSHD - Permission denied - host IP addr > > > > To fix, just add a test for the above string to the 'if $TEST -s > > "$tmp_file"' test in 'rsh.satan'. The correct way to test for success or failure is obvious from the following (from the rshd man page): DIAGNOSTICS Except for the last one listed below, all diagnostic messages are re- turned on the initial socket, after which any network connections are closed. An error is indicated by a leading byte with a value of 1 (0 is returned in step 9 above upon successful completion of all the steps pri- or to the execution of the login shell). If an rshd does not do this I'd be inclined to call it broken. > Andreas Siegert afx@ibm.de / afx@barolo.ak.munich.ibm.com / AFX at IPNET