> >> This was a new
> >> install, and it lasted about 4 days. One person heard thru the cracker
> >> grapevine that root was broken thru /bin/mail.
>
> P> Did you happen to install the following, in particular 101436-02?
>
> P> Solaris 1.1.1 Patches Containing Security Fixes:
> P> ------------------------------------------------
>
> P> 101436-02 SunOS 4.1.3_U1: bin/mail jumbo patch
>
>This is the patch which made the race condition *easier* to exploit
>than it was in the unpatched version.

I don't know about you guys but having used and proved all of the binmail
exploit scripts the quick and dirty fix for them is to put this in rc.local:

/bin/touch /usr/spool/mail/root
/bin/touch /usr/spool/mail/sysdiag
/bin/touch /usr/spool/mail/sundiag
/bin/touch /usr/spool/mail/[any other uid 0 acct]

It closes the need-a-root-owned-mbox problem.

There are other additions for rc.local to close more bugs, but let's
wait the usual six months :)

Cheers,
Mark
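The rc.local lines in the message above name the uid 0 mailboxes by hand. The added example below, which is not part of the original post, reads the uid 0 accounts from a passwd file instead and reports or creates the missing spool files. The function names, the passwd and spool paths passed as arguments, and the demo data are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post.
# List uid 0 accounts in PASSWD_FILE that have no mailbox file in SPOOL_DIR.
missing_root_mboxes() {
    passwd_file=$1
    spool_dir=$2
    # passwd field 1 is the login name, field 3 the uid. Skip comments and
    # NIS compat lines such as "+::0:0:::", whose name starts with + or -.
    awk -F: '!/^#/ && NF >= 7 && $3 ~ /^0+$/ && $1 != "" && $1 !~ /^[+-]/ { print $1 }' \
        "$passwd_file" |
    while IFS= read -r acct; do
        [ -f "$spool_dir/$acct" ] || printf '%s\n' "$acct"
    done
}

# Create each missing mailbox with touch, as the rc.local lines do.
create_root_mboxes() {
    missing_root_mboxes "$1" "$2" |
    while IFS= read -r acct; do
        touch "$2/$acct"
    done
}

# Constructed demo data: a throwaway passwd file and spool directory.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/mail"
    cat > "$d/passwd" <<'EOF'
root:*:0:1:Operator:/:/bin/csh
sysdiag:*:0:1:Old System Diagnostic:/usr/diag/sysdiag:/usr/diag/sysdiag/sysdiag
sundiag:*:0:1:System Diagnostic:/usr/diag/sundiag:/usr/diag/sundiag/sundiag
daemon:*:1:1::/:
+::0:0:::
EOF
    touch "$d/mail/root"
    echo "missing before: $(missing_root_mboxes "$d/passwd" "$d/mail" | tr '\n' ' ')"
    create_root_mboxes "$d/passwd" "$d/mail"
    echo "missing after:  $(missing_root_mboxes "$d/passwd" "$d/mail" | tr '\n' ' ')"
    rm -rf "$d"
}
demo
```

Run from rc.local as `create_root_mboxes /etc/passwd /usr/spool/mail`, it covers uid 0 accounts added after the hand-written list was made.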