> I've fixed the SunOS 4.1.3 ypupdated bug (I think). Using tcp_wrapper tcpd > to call rpc.ypupdated by inetd, and restricting access for local domain machines, > has blocked this security gap. Here follows the steps: You are of course assuming that none of the local machines have been compromised, and are trusted. In my experience, it is much easier to break in via a machine in the local domain that is less protected. The only safe way is to kill it. (Of course the only secure machine is the one never turned on. Assuming that you have it buried in 6' of concrete so they can't walk off with it.) Btw, under NSkit 1.0 under Solaris 2.x I have only been able to break in via this method *if* keyserv is not running or rpc.ypupdated is started with the -i option. Both of these will cause UNIX instead of DES authentication to be used. Unfortunately I haven't had the time to figure out 2.x's keyserv to see if I can get in somehow through it. Ciao, -- Richard Bainter Mundanely | OS Specialist - OMG/CSD Pug Generally | Applied Research Labs - U.Texas pug@arlut.utexas.edu | pug@eden.com | {any user}@pug.net Note: The views may not reflect my employers, or even my own for that matter.