From owner-freebsd-security  Thu Apr 24 01:32:44 1997
Return-Path: <owner-security>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id BAA24056
          for security-outgoing; Thu, 24 Apr 1997 01:32:44 -0700 (PDT)
Received: from unique.usn.blaze.net.au (unique.usn.blaze.net.au [203.17.53.17])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id BAA24051
          for <security@freebsd.org>; Thu, 24 Apr 1997 01:32:39 -0700 (PDT)
Received: from unique.usn.blaze.net.au (local [127.0.0.1])
	by unique.usn.blaze.net.au (8.8.5/8.8.5) with ESMTP id SAA29303;
	Thu, 24 Apr 1997 18:31:45 +1000 (EST)
Message-Id: <199704240831.SAA29303@unique.usn.blaze.net.au>
X-Mailer: exmh version 2.0gamma 1/27/96
To: Robert N Watson <rnw@andrew.cmu.edu>
cc: Pedro Giffuni <pgiffuni@fps.biblos.unal.edu.co>, security@freebsd.org
Subject: Re: Possible security hole in 2.2 Release. 
In-reply-to: Your message of "Wed, 23 Apr 1997 21:45:23 -0400."
             <Pine.SUN.3.93l.970423214341.9918A-100000@apriori.cc.cmu.edu> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Thu, 24 Apr 1997 18:31:45 +1000
From: David Nugent <davidn@unique.usn.blaze.net.au>
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> Do the r* service authentication routines ignore # signs, really? :)

Yes, they do. Lines commencing with '#' are skipped.