From owner-freebsd-security  Tue Dec 17 14:20:53 1996
Return-Path: <owner-security>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.4/8.8.4) id OAA23319
          for security-outgoing; Tue, 17 Dec 1996 14:20:53 -0800 (PST)
Received: from isbalham.ist.co.uk (isbalham.ist.co.uk [192.31.26.1])
          by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id OAA23196;
          Tue, 17 Dec 1996 14:19:18 -0800 (PST)
Received: from gid.co.uk (uucp@localhost)
          by isbalham.ist.co.uk (8.8.4/8.8.4) with UUCP
	  id WAA12852; Tue, 17 Dec 1996 22:03:44 GMT
Date: Tue, 17 Dec 1996 22:05:13 GMT
Received: from [194.32.164.2] by seagoon.gid.co.uk; Tue, 17 Dec 1996 22:05:13 GMT
X-Sender: rb@194.32.164.1
Message-Id: <v01540b03aedcc77174e5@[194.32.164.2]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
To: Terry Lambert <terry@lambert.org>
From: rb@gid.co.uk (Bob Bishop)
Subject: Re: vulnerability in new pw suite
Cc: proff@iq.org, security@freebsd.org, hackers@freebsd.org
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

>Five gets you ten that he'll just use rlogin instead, and go for root
>on the new system from the user account, never knowing the user's
>password (or caring).

Well OK, but that just sounds to me like a(nother) good reason to eschew
rlogin and co.


--
Bob Bishop              (0118) 977 4017  international code +44 118
rb@gid.co.uk        fax (0118) 989 4254  between 0800 and 1800 UK