From owner-freebsd-security  Mon Jul 28 23:00:03 1997
Return-Path: <owner-freebsd-security>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id XAA13190
          for security-outgoing; Mon, 28 Jul 1997 23:00:03 -0700 (PDT)
Received: from time.cdrom.com (root@time.cdrom.com [204.216.27.226])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id WAA13139
          for <security@FreeBSD.ORG>; Mon, 28 Jul 1997 22:59:59 -0700 (PDT)
Received: from time.cdrom.com (jkh@localhost.cdrom.com [127.0.0.1]) by time.cdrom.com (8.8.6/8.6.9) with ESMTP id WAA06898; Mon, 28 Jul 1997 22:59:31 -0700 (PDT)
To: Vincent Poy <vince@mail.MCESTATE.COM>
cc: "Jonathan A. Zdziarski" <jonz@netrail.net>,
        "[Mario1-]" <Mario1@primenet.com>, JbHunt <johnnyu@accessus.net>,
        Robert Watson <robert+freebsd@cyrus.watson.org>,
        Tomasz Dudziak <loco@onyks.wszib.poznan.pl>, security@FreeBSD.ORG
Subject: Re: security hole in FreeBSD 
In-reply-to: Your message of "Mon, 28 Jul 1997 17:27:15 PDT."
             <Pine.BSF.3.95.970728172339.3844N-100000@mail.MCESTATE.COM> 
Date: Mon, 28 Jul 1997 22:59:31 -0700
Message-ID: <6894.870155971@time.cdrom.com>
From: "Jordan K. Hubbard" <jkh@time.cdrom.com>
Sender: owner-freebsd-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

> 	Just a update on how the break-in was done after the hacker was
> confronted on irc.  
> 
> 	Apparently FreeBSD ships with .rhosts in the root account.  Using

No, FreeBSD does not ship with .rhosts in the root account.  This must
have been a local change.  If you do not believe this then simply do a
fresh installation of FreeBSD and see for yourself - sorry, you shot
your own feet off here. :-)

					Jordan