[17902] in Athena Bugs
Re: sun4 8.3.29: X
daemon@ATHENA.MIT.EDU (Brad Thompson)
Tue Jun 13 21:05:48 2000
Message-Id: <200006140105.VAA03485@snow-goon.mit.edu>
To: amu@MIT.EDU
cc: bugs@MIT.EDU
In-Reply-To: Your message of "13 Jun 2000 20:35:00 EDT."
<udlya49qevf.fsf@multics.mit.edu>
Date: Tue, 13 Jun 2000 21:05:43 -0400
From: Brad Thompson <yak@MIT.EDU>

> No, anyone logged into the machine could still take advantage of even
> that entry. AFAIK, the only fix is to require MIT-MAGIC-COOKIE
> authentication or the like; IIRC, this approach runs into the problem
> that public machines don't have enough unique secret state to generate
> good cookies.

But public machines aren't the problem here. It is private machines
that are vulnerable to this hole. Public machines won't have more than
one person at a time logged into them.

yak