steve@umiacs.umd.edu (11/21/89)
I don't think that the modification to make rexd get the hostname of the invoker and check for it in hosts.equiv (and, presumably, .rhosts) makes on and rexd as secure as rsh/rlogin. I think -- though I am admittedly not sure, not having read the sources recently -- that one can fake up the RPC authentication junk for 'on', then send from any port, not just the ones below 1024. That means that you don't even have to be root to break into someone's machine. Given the number of PCs with IP these days, and given L1-A, the distinction is perhaps minor. Oh, for 4.4BSD and a much better security model...