well i had a bit of a hack around last night with 2.3 login.

it seems you can set environment variables with login such as

    % exec login user IFS=/

now of course IFS, PATH, SHELL can't be set but others can!

now of course since login tries to read past the user name you can get
login to core dump quite easily by over feeding it like this

    % exec login user "`cat big.binary.file`"

this will quite happily core dump login.

now i don't see a huge problem so much from this unless of course someone
has managed to compromise saf or ttymon as well. *shrug*

but when it is core dumped it is running as root and it does leave a world
writeable core in /.

i'm not sure if this would make it insecure as i haven't had much experience
in cracking systems, but i'm sure there are some people out there that can
do a fair amount of damage given a world writable file owned by root. *shrug*

will there be a patch?

Matt

--
Matthew Keenan                     Systems Programmer
Information Technology Division    University of Technology Sydney
www:   http://milliways.itd.uts.edu.au/~matt/
email: matt@uts.edu.au
phone: +61 2 330 1390
fax:   +61 2 330 1999
home:  +61 2 416 5722

"Don't murder a man who is about to commit suicide."
        -- Machiavelli

GCV 2.1 GAT/M/CS d--(-+) H-- s++:-- g+ p? !au a-(?) w+++ v+ C+++$ UVS++++$ P+>+++ L- 3+++ E-(++) N++ K W--- M+ V-- -po+(+) Y+ t+ !5>++ jx R+ G? !tv b+++ D++ B e+ u--(**) h- f+(*) r n- !y
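
A defensive sketch of the two behaviours reported in the message above, added here as an illustration and not part of the original post or of any vendor's login source: a length-bounded filter for `NAME=VALUE` arguments, and process hardening so that a crash in a root process leaves no core file behind. The function names, the 256-byte cap and the sample arguments are assumptions.

```c
/* Added illustration; every name here is hypothetical, not vendor login code. */
#include <stddef.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/resource.h>

#define MAX_ARG 256  /* assumed cap on a single NAME=VALUE argument */

/* The three names the post says login already refuses. */
static const char *const blocked[] = { "IFS", "PATH", "SHELL", NULL };

/* Length of s, but never looks past max bytes. */
static size_t bounded_len(const char *s, size_t max)
{
    size_t n = 0;
    while (n < max && s[n] != '\0')
        n++;
    return n;
}

/* Return 1 if arg is an acceptable NAME=VALUE, 0 if it must be dropped. */
int env_arg_ok(const char *arg)
{
    const char *eq;
    size_t nlen, i;

    if (bounded_len(arg, MAX_ARG + 1) > MAX_ARG)
        return 0;                       /* oversize input is rejected, never copied */
    eq = strchr(arg, '=');
    if (eq == NULL || eq == arg)
        return 0;                       /* not NAME=VALUE */
    nlen = (size_t)(eq - arg);
    for (i = 0; blocked[i] != NULL; i++)
        if (strlen(blocked[i]) == nlen && strncmp(arg, blocked[i], nlen) == 0)
            return 0;                   /* exact match on a blocked name */
    return 1;
}

/* Run in the privileged process before it parses any user-supplied input. */
int harden_process(void)
{
    struct rlimit no_core = { 0, 0 };

    umask(077);                         /* files this process creates are owner-only */
    return setrlimit(RLIMIT_CORE, &no_core);  /* a crash then writes no core file */
}
```

The block list mirrors the three names mentioned in the post; a filter that only admits an explicit list of permitted names is the stricter design.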