Subject: Re: rdist security hole, NetBSD 0.9
To: Thomas Lopatic <lopatic@informatik.tu-muenchen.de>
From: Rick Weldon <rick@badboy-jr.hq.af.mil>
List: netbsd-bugs
Date: 02/03/1994 21:38:04
> 
> Hello,
> 
> you are probably aware of this problem since you mentioned an upgrade to
> a newer rdist release in the NetBSD 0.9 todo file. But then again, perhaps
> you aren't. :) To exploit the hole:
> 
> - invoke rdist with the line 'rdist -Server'
> - then type 'S' followed by any command, e.g. 'Sid', which will show
>   that any command run by rdist is executed with a real uid of 0.
> 
> Since rdist simply swaps euid and uid, the call to setuid in server.c does
> not succeed (uid = 0, euid = uid of the user invoking rdist from the shell).
> 
> -Thomas
> 

Fixed some time ago.

Rick

------------------------------------------------------------------------------
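
A privilege drop that would not be fooled by the state described in the report above (real uid 0, effective uid of the invoking user), as an added example that is not rdist's code or part of the original thread. The names `creds_dropped` and `drop_to_user` are hypothetical, and the demo in `main` simply drops to the caller's own uid.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Pure check: are both the real and effective uid the unprivileged target?
 * The state from the report (real uid 0, effective uid = invoking user)
 * must fail this check. */
int creds_dropped(uid_t ruid, uid_t euid, uid_t target)
{
    return ruid == target && euid == target;
}

/* Permanently become `target`. Returns 0 on success, -1 if the process may
 * still hold root in any uid; the caller must not run commands after -1. */
int drop_to_user(uid_t target)
{
    /* An ignored setuid() failure is what leaves the real uid at 0. */
    if (setuid(target) != 0)
        return -1;

    /* Do not trust the call alone: read the credentials back. */
    if (!creds_dropped(getuid(), geteuid(), target))
        return -1;

    /* Once unprivileged, an attempt to regain root must be refused. */
    if (target != 0 && setuid(0) == 0)
        return -1;

    return 0;
}

int main(void)
{
    uid_t me = getuid();   /* constructed demo value: our own real uid */

    if (drop_to_user(me) != 0) {
        fprintf(stderr, "privilege drop failed, refusing to continue\n");
        return 1;
    }
    printf("running with ruid=%ld euid=%ld\n",
           (long)getuid(), (long)geteuid());
    return 0;
}
```
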