Here we go again. The original patch for the majordomo bug was incomplete. A bug has been discovered in the new-list program (and is being actively exploited) that lets people run commands as the user that Majordomo runs under. Patches for 1.62 and 1.90 are being tested and a full announcement will be posted within 24 hours. It is prudent to disable the new-list program in Majordomo by renaming the new-list program, or deleting it from the aliases file pending availability of the patch. This bug is related to but NOT fixed by the majordomo security patch. If you wish to fix new-list refer to the majordomo security patch for background information. -- John John Rouillard Senior Systems Consultant (SERL Project) University of Massachusetts at Boston rouilj@cs.umb.edu (preferred) Boston, MA, (617) 287-6480 ============================================================================== My employers don't acknowledge my existence much less my opinions.