Three solaris-related things I'd like to ask the list-- and if you know, and are willing to share this info (key point here), please speak up. 1) /var/mail is world writable, but has a sticky bit to prevent people from removing other people's mailboxes. Still, I can create mailboxes for users who don't have them (like smtp) .. will this pose a problem in the future? I know that if sendmail had some sort of support for v7 forwarding capabilties (ie; /var/mail/smtp contains Forward to |/tmp/foosh, then mail to smtp runs /tmp/foosh as uid smtp, which just happens to be 0 on our systems) this would be an easy exploit.. but apparently sendmail 8.6.9 doesn't hold to those kind of conventions (thank gods) 2) it was recently pointed out to me that /dev/tcp and /dev/ip were mode 666; could this be a problem? I thought maybe you could dump crap into them and it would possibly hose something.. or worse, you could just cat 'em and look at traffic. While both of these are probabally unlikely, does anyone know for certain? And is it safe to chmod 600 these? 3) is solaris openwin code secure? (yes or no, and if no, why.. for those of us who just like to say things like "perhaps.") James -- James W. Abendschan shamus@unkadath.uucp "Thanks, fone-d00d!" jwa@sunset.cse.nau.edu