-----BEGIN PGP SIGNED MESSAGE----- >Since I had heard that Solaris 2.4 was shipping, I ftp'd to >sunsolve1, cd'd to pub/patches, and pulled over the >file named Solaris2.4.PatchReport, which I am including at >the end of this message. It looks like there are some >serious security problems with 2.4, namely a problem with su >echoing the password on the console, a problem with portmapper, = >and a problem with the mouse code which makes "break root" attack = >possible. Apparently the protmapper problem was fixed with an >earlier patch to 2.3, because the README for the portmapper >patch says it "re-appeared in 5.4". can someone elaborate on the problem with the Solaris "mouse code" and = portmapper? -Pete -----BEGIN PGP SIGNATURE----- Version: 2.6 iQBVAwUBLtfHxHynuL1gkffFAQGE+AH9HVjwfLUQ6DcgQtdrZF2GPQZ4bWOxiM5j bgdSBeIL4WUCNL9ve1LZx6ldhCAe1XwdFqv16PbYcwLhqxxzJLxt0w=3D=3D =3DTxpV -----END PGP SIGNATURE-----