From owner-freebsd-security Thu Apr 24 01:32:44 1997 Return-Path: <owner-security> Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id BAA24056 for security-outgoing; Thu, 24 Apr 1997 01:32:44 -0700 (PDT) Received: from unique.usn.blaze.net.au (unique.usn.blaze.net.au [203.17.53.17]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id BAA24051 for <security@freebsd.org>; Thu, 24 Apr 1997 01:32:39 -0700 (PDT) Received: from unique.usn.blaze.net.au (local [127.0.0.1]) by unique.usn.blaze.net.au (8.8.5/8.8.5) with ESMTP id SAA29303; Thu, 24 Apr 1997 18:31:45 +1000 (EST) Message-Id: <199704240831.SAA29303@unique.usn.blaze.net.au> X-Mailer: exmh version 2.0gamma 1/27/96 To: Robert N Watson <rnw@andrew.cmu.edu> cc: Pedro Giffuni <pgiffuni@fps.biblos.unal.edu.co>, security@freebsd.org Subject: Re: Possible security hole in 2.2 Release. In-reply-to: Your message of "Wed, 23 Apr 1997 21:45:23 -0400." <Pine.SUN.3.93l.970423214341.9918A-100000@apriori.cc.cmu.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Thu, 24 Apr 1997 18:31:45 +1000 From: David Nugent <davidn@unique.usn.blaze.net.au> Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk > Do the r* service authentication routines ignore # signs, really? :) Yes, they do. Lines commencing with '#' are skipped.