From: John Hawkinson <jhawk@panix.com> . . . The "correct" thing to do is to patch kern_exec.c (kern_exec.o). . . . Ummm, then how's it going to cope with set-uid perl scripts, which ARE rumored to be secure? You could have a table of 'ok shell interpreters' in the kernel, but that would be extremely ugly. Since the problem is in /bin/sh, that is where it should be solved, or at least avoided. If you across-the-board disable all set-uid shell interpreters, that will infuriate the few who do it right, and remove any motivation for others to do it correctly. ----- Fred Blonder fred@nasirc.hq.nasa.gov Hughes STX Corp. (301) 441-4079 7701 Greenbelt Rd. Greenbelt, Md. 20770