Path: utzoo!attcan!uunet!husc6!rice!sun-spots-request
From: bs30@sirius.gte.com.csnet (Bernard Silver)
Newsgroups: comp.sys.sun
Subject: Insecure Default of hosts.equiv
Message-ID: <BS30.88Dec22103306@sirius.gte.com.csnet>
Date: 3 Jan 89 23:16:09 GMT
Sender: usenet@rice.edu
Organization: Sun-Spots
Lines: 6
Approved: Sun-Spots@rice.edu
Original-Date: 22 Dec 88 15:33:06 GMT
X-Sun-Spots-Digest: Volume 7, Issue 86, message 2 of 12

A (hopefully) harmless intrusion brought to our notice the default
/etc/hosts.equiv in 3.5 and 4.0 The default consists of a single "+",
which in this context means ALL known hosts are trusted.  An empty file
seems a much better choice.

	Bernard Silver