> I've fixed the SunOS 4.1.3 ypupdated bug (I think). Using tcp_wrapper tcpd >to call rpc.ypupdated by inetd, and restricting access for local domain machines, >has blocked this security gap. Here follows the steps: >... > 3) Create the file /etc/hosts.deny with the entry: > > rpc.ypupdated : ALL : (/usr/ucb/finger -l @%h | /usr/ucb/mail -s %d-%h root) & Er... what if the remote site's fingerd returns output which uses UCB mail's ~-escapes to run commands, or amend the headers and mail "interesting" files somewhere? [I don't think I'll stick my neck out in this forum and risk any suggestions about better ways to send the mail! :-)] John Line -- John Line - Cambridge University Computing Service, Computer Laboratory, New Museums Site, Pembroke Street, Cambridge CB2 3QG, England. Internet: jml4@cus.cam.ac.uk JANET: jml4@uk.ac.cam.cus Phone: +44 1223 334708