>Also, be aware that /etc/crash is setgid kmem and allows you to fork >a shell and DOES NOT reset the group id for that shell. So even if >your /dev/kmem is set properly to mode 640, if users can run /etc/crash, >they can still do this. > >My solution was simply chmod 700 /etc/crash on all my systems. Root >is the only one that needs it anyway.... Sun patch 100103-XX is a shell script which when run fixes this and other similar permissions problems on various files and directories. The current version (ftpable from Sun) is 100103-12. You might want to check what this script does before you run it, but it probably provides a good pointer at things you should examine. For example, we have decided locally to make the /dev/*fd* world readable/writable. Bill Bogstad