> This was a new > install, and it lasted about 4 days. One person heard thru the cracker > grapvine that root was broken thru /bin/mail. Did you happen to install the following, in particular 101436-02? Solaris 1.1.1 Patches Containing Security Fixes: ------------------------------------------------ 101434-03 SunOS 4.1.3_U1: lpr Jumbo Patch 101436-02 SunOS 4.1.3_U1: bin/mail jumbo patch 101440-01 SunOS 4.1.3_U1: security problem: methods to exploit login/su 101558-02 SunOS 4.1.3_U1: international libc jumbo patch 101579-01 SunOS 4.1.3_U1: Security problem with expreserve for Solaris 1.1.1 101587-01 SunOS 4.1.3_U1: security patch for mfree and icmp redirect 101621-02 SunOS 4.1.3_U1: Jumbo tty patch 101665-02 SunOS 4.1.3_U1: sendmail jumbo patch 101679-01 SunOS 4.1.3_U1: Breach of security using modload 101759-02 SunOS 4.1.3_U1: domestic libc jumbo patch 100448-02 OpenWindows 3.0: loadmodule is a security hole. 100452-68 OpenWindows 3.0: XView 3.0 Jumbo Patch 100478-01 OpenWindows 3.0: xlock crashes leaving system open Yes, I replace sendmail with my own, but I still install all of the security patches. Not to mention that everyone of these is a recommended patch as well. Ciao, -- Richard Bainter Mundanely | System Analyst - OMG/CSD Pug Generally | Applied Research Labs - U.Texas pug@arlut.utexas.edu | pug@bga.com Note: The views may not reflect my employers, or even my own for that matter.