At 3:14 PM -0500 4/2/02, Jim Wise wrote:
>On Tue, 2 Apr 2002, Henry B. Hotz wrote:
>  >I've always considered that if I couldn't trust the machine I was
>>running on then I was pretty much hosed anyway.  CFS doesn't prevent
>>root from seeing your data files, nor Kerberos prevent root from
>>impersonating you.
>
>Fine.  Than since you trust `the machine', I assume you use .rhosts all
>over the place?  IP addresses are not hard to forge...

Ignoring the perhaps-unintentionally insulting tone of the last 
response I will note that it's a lot harder to forge source==dest 
packets from outside the machine in question than from inside it.
-- 
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu