> > The best solution is to make sure you don't have suid shell scripts
> > Cops does a fine job in finding them for you so does:
> >
> > find / \( -type d -fstype nfs -prune \) -o -type f \( -perm -4001 -o -perm -4010 -o -perm -4100 -o -perm -2100 -o -perm -2010 -o -perm -2001 \)
> >
> > If I remember correctly SunOS 4.1.x is just one of those UNIX systems that
> > allows suid shell scripts. I don't think this will be 'fixed'.
> > But you can always try to mail security-alert@Sun.COM.
> >
>
> Of course you can always mount your filesystems `nosuid'.

The "correct" thing to do is to patch kern_exec.c (kern_exec.o). This
is nontrivial if you don't have source. It's trivial if you do (I don't).
No one has done this publicly as of yet.

Thinking about it, I wonder if the BSD kern_exec is "good enough". If so,
perhaps it could be substituted. Anyone? (Casper?)

--
John Hawkinson
jhawk@panix.com
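
An added example, not part of the original thread: a POSIX shell function that narrows the quoted find sweep to setuid/setgid files that are actually interpreter scripts, by checking for a leading `#!`. The function name `find_setid_scripts` and the `SCAN_ROOT` variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example: report setuid/setgid regular files that are interpreter
# scripts (first two bytes "#!"), with the interpreter line that runs them.

find_setid_scripts() {
    # $1: directory tree to audit (assumption: the caller can read its files).
    # -perm -4000 / -perm -2000 match any file with the setuid or setgid bit,
    # a superset of the bit combinations in the quoted find command.
    # An NFS prune like the one in the quoted command can be placed in front
    # where the local find supports -fstype.
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -exec sh -c '
        for f in "$@"; do
            # The kernel decides "script or binary" from the first two bytes.
            magic=$(dd if="$f" bs=2 count=1 2>/dev/null)
            if [ "$magic" = "#!" ]; then
                # Read the interpreter line; read returns nonzero when the
                # file has no trailing newline but still fills the variable.
                IFS= read -r interp < "$f" || true
                printf "%s\t%s\n" "$f" "$interp"
            fi
        done
    ' sh {} +
}

# Hypothetical entry point: set SCAN_ROOT to audit a tree when run directly.
if [ -n "${SCAN_ROOT:-}" ]; then
    find_setid_scripts "$SCAN_ROOT"
fi
```

Each output line is the file path, a tab, and the `#!` line; any line at all is a file to have its setuid/setgid bit removed or to be replaced with a compiled wrapper.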