In IRIX 4.x, there are several setuid root programs under /usr/lib/vadmin In IRIX 5.x, there are several setuid root programs under /usr/Cadmin/bin At this site, we protect these directories by changing their mode to 700. Other sites may want to take similar precautions. Some time ago, a colleague of mine had his IRIX 4.x system broken into. It appears that the crackers used /usr/lib/vadmin/serial_ports to gain root privs after they got into the system as someone else. Is anyone aware of a bug in serial_ports? How about the new Cadmin stuff?