Hmm, anyone can explain a bit more the recent CERT advisory on /etc/utmp. I assume the attakers where able to obtain root by fooling programms that only use the information in /etc/utmp for authentication, instead of calling for the users user id and real user id. anyone mind extending this description...