I'd bet that it doesn't mount the floppy (or CD) nosuid, so the cracker can simply make-up a floppy with a filesystem containing a passwordless version of 'su'. but I'm just guessing. Jim