Following up on this: Having played around a little further, there is the option CgiUserConfigEdit which specifies which options a user is permitted to modify. I think that this list needs trimming down in the default installs, and certainly having ClientNameAlias removing from it.
By removing ClientNameAlias from the list specified in CgiUserConfigEdit, users cannot change hostnames, thus closing this hole. Regards, David Ambrose-Griffith -- David Ambrose-Griffith - [email protected] Assistant Systems Programmer, IPPP, Department of Physics, Durham University, Science Laboratories, South Road, Durham, DH1 3LE Direct Dial: +44 (0)191 3343704 Office: +44 (0)191 334 3811 -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
