[663] in bugtraq


Re: Sol2.x Mouse EXPLOIT info - CORRECTION

daemon@ATHENA.MIT.EDU (David Barr)
Wed Jan 18 15:57:31 1995

To: bicknell@csugrad.cs.vt.edu (Leo Bicknell)
Cc: bugtraq@fc.net
In-Reply-To: Your message of "Wed, 18 Jan 1995 10:24:41 EST."
             <199501181524.KAA24318@ussenterprise.async.vt.edu> 
Date: Wed, 18 Jan 1995 14:14:32 -0500
From: David Barr <barr@pop.psu.edu>

In message <199501181524.KAA24318@ussenterprise.async.vt.edu>, Leo Bicknell writes:
>	Ok, I'll point out a few things.  "#" is not a valid character
>in a host name, and a good bind server will not return it.  I was
>unable to get my bind server to return a hostname with a # in it,
>so even if someone hacked the bind server for your site it wouldn't
>matter.  

I don't know of any BIND server which won't let you put in a "#" in
a host name.  I've done quite a bit of checking of DNS, and I've found
quite arbitrary characters in people's DNS data.  You can argue
to the contrary, but that's beyond the scope of this list.

>	Another thing not considered, is that by default under Ultrix
>all the network tty's are _unsecure_ meaning root cannot log in on
>them no matter what .rhosts says.  Unless you have changed this it
>is absolutely not possible for this to be a problem.

You mean except for "rsh ultrixhost rm -rf /"

Remember, with /.rhosts, having unsecure ttys has no effect.

--Dave
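
The point above about arbitrary characters turning up in DNS data, as an added example that is not part of the original message: a check that a name handed back by a resolver uses only the letters-digits-hyphen alphabet of RFC 952 / RFC 1123 before it is used for anything else. The function names and sample names are constructed for illustration.

```python
import string

# Letters, digits and hyphen: the host name label alphabet of RFC 952 / RFC 1123.
LDH = frozenset(string.ascii_letters + string.digits + "-")


def hostname_problems(name):
    """Return a list of reasons `name` is not a valid host name (empty if valid)."""
    problems = []
    # A single trailing dot only marks the name as fully qualified.
    if name.endswith("."):
        name = name[:-1]
    if not name:
        return ["empty name"]
    if len(name) > 253:
        problems.append("name longer than 253 characters")
    for label in name.split("."):
        if not label:
            problems.append("empty label")
            continue
        if len(label) > 63:
            problems.append("label longer than 63 characters")
        bad = sorted(set(label) - LDH)
        if bad:
            problems.append("illegal characters %r in label %r" % ("".join(bad), label))
        if label[0] == "-" or label[-1] == "-":
            problems.append("label %r starts or ends with a hyphen" % label)
    return problems


def filter_resolved_names(names):
    """Split names (e.g. PTR answers) into (accepted, rejected-with-reasons)."""
    accepted, rejected = [], {}
    for n in names:
        reasons = hostname_problems(n)
        if reasons:
            rejected[n] = reasons
        else:
            accepted.append(n)
    return accepted, rejected


# Constructed sample answers, as a resolver might hand them back.
SAMPLES = ["ns0.example.com", "trusted.example.com #", "host#1.example.com",
           "-edge.example.com", "a..example.com", "ns1.example.com."]

if __name__ == "__main__":
    ok, bad = filter_resolved_names(SAMPLES)
    print("accepted:", ok)
    for name, reasons in bad.items():
        print("rejected %r: %s" % (name, "; ".join(reasons)))
```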
