> Above all, FIX THIS HOLE. As to 8lgm, I definitely supported you in the >past, but turning to security through obscurity this late in the game is a >turn for the worse. If you have written an exploit, make it public, or do >NOT give it to anyone, not even your best friend's dog. There's a lesson to be >learned that has been repeated throughout history: give out copies to only >a few people, and the entire cracker community will get it. Let's see a >little more "all or nothing" commitments from the security community. A word of caution for people running this script: all mail incoming between starting the script and ending it will be lost. If you interrupt the script, all of your mailbox is left in /tmp. I think that you'll find that Sun's patch 100224-13 fixes this hole as well as the race condition that existed when writing to /var/spool/mail. There has not yet been a security bulletin on this patch. I think the race is easier to win than this. All you need is one shot. Casper