In hanse-ml.netbsd.tech-net you write:

>> When /dev/ttyp? is not secure in /etc/ttys, I noticed that a .rhosts
>> for root refuses rlogin to the system, but allowes `rsh <command>`
>> with full su rights.

>> That makes no sense.  Should it be changed to refuse rsh as well when
>> ttyp* is not secure?

>Which pseudo-tty do you propose to key off of?  Basically, I suppose
>I'm asking, what if some ptys are secure and others aren't?

>Also, how do you intend to identify pseudo-tty entries in /etc/ttys?
>Just assume some conventional naming scheme?

>IMO the bug is that rlogin is refused, not that rsh is allowed.  The
>.rhosts should, I think, override.

Yes, creating a .rhosts as root probably is intentional. Just don't
handle rsh and rlogin different.

Martin
-- 
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Martin Cracauer <cracauer@wavehh.hanse.de>  -  Fax +49 40 522 85 36
 BSD User Group Hamburg, Germany   -   No NeXTMail anymore, please.
 Copyright 1995. Redistribution via Microsoft Network is prohibited