As James Raynard wrote:
> >Our rlogind has a -s flag which will only read .rhosts files if they are
> >owned by root. So users cannot create their own .rhosts files, without
> >root knowing about it.
> >More work for the sysadmin, and mabye not feasible on a machine with a lot
> >of users, but it works for us.
> This would be very easy to add, as per the following (untested)
> patches. Would this be a worthwhile addition, or is it just another
> silly Linux gimmick? 8-)
I don't really like it. If some admin is notorious about security, he
can simply turn off rlogin/rsh, and force the people to use ssh
instead. That would (IMO) make more sense.
(Btw., if i were at such a site, i wouldn't trust root, and
immediately remove the .rhosts, in particular if it's not readable for
email@example.com -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE
Never trust an operating system you don't have sources for. ;-)