Xref: utzoo comp.bugs.4bsd:1088 comp.unix.wizards:12562
Path: utzoo!utgpu!bnr-vpa!bnr-fos!bnr-public!hwt
From: hwt@bnr-public.uucp (Henry Troup)
Newsgroups: comp.bugs.4bsd,comp.unix.wizards
Subject: hosts.equiv considered harmful (was Re: bin owning files)
Keywords: bin, root, /etc/hosts.equiv
Message-ID: <185@bnr-fos.UUCP>
Date: 18 Nov 88 15:19:32 GMT
References: <566@comdesign.CDI.COM> <5494@saturn.ucsc.edu>
Sender: news@bnr-fos.UUCP
Reply-To: hwt@bnr-public.UUCP (Henry Troup)
Organization: Bell-Northern Research, Ottawa, Canada
Lines: 11

I just checked my SunOS 4.0 *distribution tape* hosts.equiv.  The 
file consists of "+\n".  A quick RofTFM shows that this means 
***trust everyone***  Surprise!
 
So- In light of the worm, and this, we should realize that out-of-the-
box systems are not well secured.
 

Henry Troup		utgpu!bnr-vpa!bnr-fos!hwt%bnr-public | BNR is not 
Bell-Northern Reseach   hwt@bnr (BITNET/NETNORTH) 	     | responsible for 
Ottawa, Canada		(613) 765-2337 (Voice)		     | my opinions