You wrote to me about **Re: Solaris 2.3 login**: : well i had a bit of a hack around last night with 2.3 login. it seems you : can set enviroment variables with login such as : : .. : this will quite hapilly core dump login. now i dont see a huge problem so : much from this unless of course someone has managed to compromise saf or : ttymon as well. *shrug* but when it is core dumped it is running as root : and it does leave a world writeable core in /. im not sure if this would : make it insecure as i havent had much experience in cracking systems, but : im sure there are some people out there that can do a fair amount of damage : given a world writable file owned by root. *shrug* will there be a patch? : Run strings over the core - and see how much of /etc/shadow is in the core file. You could trying leaving a core file behind and chmod to 0000 to stop other people from reading the core file ( if you find bits of /etc/shadow in the core) ... and cat /dev/null > /core to zero the file. .richard _______________________________________________________________________________ r.oxbrow@ieee.Org "On the Internet, nobody knows you`re a dog." P Steiner, IEEE/The New Yorker 1993