[17903] in Athena Bugs
Re: sun4 8.3.29: X
daemon@ATHENA.MIT.EDU (John Hawkinson)
Tue Jun 13 21:59:38 2000
Date: Tue, 13 Jun 2000 21:59:32 -0400 (EDT)
Message-Id: <200006140159.VAA13354@bobbi-harlow.mit.edu>
To: amu@mit.edu (Aaron M. Ucko)
cc: bugs@mit.edu
In-reply-to: "[17901] in Athena Bugs"
From: John Hawkinson <jhawk@MIT.EDU>
| No, anyone logged into the machine could still take advantage of even
| that entry. AFAIK, the only fix is to require MIT-MAGIC-COOKIE
| authentication or the like; IIRC, this approach runs into the problem
| that public machines don't have enough unique secret state to generate
| good cookies.
Is this a problem? Doesn't MIT-MAGIC-COOKIE also restrict connections
by ip address, too?
--jhawk
