In <9403252218.AA14294@rwing.UUCP> you write: I don't know of a specific patch, for this. But the only REAL fix is to make the /etc/utmp file so it is not world-writeable. That means, of course, fixing anything that must update it, other than login or init to run SUID root without creating a worse hole. To quote our President: "NO NO NO NO NO NO NO ..." :-) Making things setuid root is almost always wrong. Make a new group, say group "utmp", and make anything that needs to deal with utmp setgid utmp; similarly for mail, etc. That way if you have something that needs to do mail and utmp, you can just put it in multiple groups. Similarly ps and friends should be setgid "kmem", and kmem should be readable by group "kmem". It's just the principle of least priveledge applied to good old fashioned UNIX. If our vendors did things this way out of the box, there would be far fewer things running as root on our systems, and far fewer security problems to begin with. [There are even schemes to make things like cron and at not have to be root (The user creates an executable setuid to them that cron will run.)] Okay, I'll get down off my soapbox now... But remember, next time you hear someone suggets making something setuid root, see if you can deal with the problem with a nice, separate group id, and setgid instead. Marc