[1622] in Release_Engineering
Re: [long-morrow@yale.arpa: rlogind/rshd broken by nameserver spoofing in in-addr.arpa domains &fix]
henry@ATHENA.MIT.EDU (henry@ATHENA.MIT.EDU)
Mon Sep 11 08:17:09 1989
two items:
-> it is important (wherever possible) to keep things fixed wrt
folks who use our software distribution but not our software
methods (i.e., kerberos authentication). we use r*.ucb commands
as well as the kerberized ones; do these fixes matter in this context?
-> it is also important to check that this flaw doesn't exist in our
code DESPITE our usage of kerberos ... even we, the almight project
athena, are not infallible. not even you, jfc.
the author of those patches sent an update which i did not forward.
i still have it, however, if such a fix is deemed useful.
-- henry
--------
