"In the previous message, John Abreau said..." > > I'd think the most straightforward fix would be to replace the uses of > system(...) in the source. In the example above, replace > system("mkdir foo"); > with > mkdir("foo", 0700); > > (This assumes, of course, that you have sources...) Unfortunately, most don't, so if a patch isn't available, one must do creative things with privs and perms (or disable expreserve) to fix it. Its amazing that bug still remains, as widely known as it is and as old as it is. Practically every OS vendor has some kind of patch for it, yet continue to not fix it in subsequent releases. Makes one wonder. Perhaps a few people sent 'to the bullet-riddled wall' for using system() at full SUID privs in a SUID program would reduce such usage in the future... :-) -- pat@rwing [If all fails, try: rwing!pat@eskimo.com] Pat Myrto - Seattle WA "No one has the right to destroy another person's belief by demanding empirical evidence." -- Ann Landers, nationally syndicated advice columnist and Director at Handgun Control Inc.