> It seems that just about every system that has installed the "shadow" > password suite (the free version from John F. Haugh II. It was posted > on comp.sources.unix from memory.) is vulnerable with this. Hmmm... I can't seem to reproduce it with Haugh's shadow passwd package. The arg processing in lmain.c uses getopt. Is it a bug in some implementations of getopt? Or are you testing an older version of the package than I have source code for (it appears to be 3.3)? -- #include <std_disclaimer> "Frank Zappa is dead - the world is a duller shade of gray" - me .-----------------------------------------------------------------------------. | Kevin Johnson kjj@phx.mcd.mot.com | | Information Technologies Network Administrator Motorola MCG | | MCG postmaster, MCG Network Security Administrator |