Don't confuse etrn with expn. expn does indeed have security aspects since it provides information about deliverable addresses and therefore possible local accounts on the system in question. Yes I know about expn and it is disabled on my machine. But I wondered about etrn because I just happened to notice that on redhat it was disabled while on suse it wasn't. I wonder whether it would not be best if some of these features were disabled by default such that if lets say next month an exploit were to be discovered then most users would be safe. Kind of like the thread I have been seeing about having most things disabled by default.
Thanks, Roman. -- - - | Roman Drahtm�ller
// "Caution: Cape does | SuSE GmbH - Security Phone: // not enable user to fly." | N�rnberg, Germany +49-911-740530 // (Batman Costume warning label) | - - --------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com