Doug Hughes wrote:
>If I recall correctly, (I could be wrong), was the original discussion
>about sudo? If so, why not statically link it? (I'm not discounting
>the importance of the LD_* problem).

This is not the problem. For setuid programs the LD_* variables will be
ignored. This ought to be true on all systems (although a very early release
(BL10 I think) of DEC OSF/1 had this bug). The check is done by looking at
real and effective uids (and gids) to see whether they're the same.

However the problem arises when the program sets the two uids to be the same
and then executes another program. In this case the LD_* problem will exist
again as the child process will pass the above test. This caused problems for
sudo, login -p, su, lpr, sendmail (programs in .forward files) and probably
more.

As I recall SunOS4.1.3 fixed this - presumably by removing the LD_* variables
when the test above fails, although I haven't checked this.

	James
--
James Bonfield (jkb@mrc-lmb.cam.ac.uk)   Tel: 0223 402266   Fax: 0223 412282
Medical Research Council - Laboratory of Molecular Biology,
Hills Road, Cambridge, CB2 2QH, England.
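
The mitigation discussed in the message above, as an added example that is not part of the original post or of any program it names: a privileged wrapper strips every LD_* entry from the environment before it equalises its uids and executes a child. The function names, the sample environment and the uid/gid values are constructed for illustration, and loader_ignores_ld() only models the check as the post describes it, not any real loader's code.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Model of the check as described in the post (an assumption, not real
 * loader source): LD_* variables are ignored only while the real and
 * effective ids differ. */
static int loader_ignores_ld(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return ruid != euid || rgid != egid;
}

/* Remove every "LD_*" entry from a NULL-terminated environment vector,
 * compacting it in place. Returns the number of entries removed.
 * Call this before setuid()/exec*() so the child never sees them. */
static int scrub_ld_env(char **envp)
{
    char **src, **dst;
    int removed = 0;

    for (src = dst = envp; *src != NULL; src++) {
        if (strncmp(*src, "LD_", 3) == 0)
            removed++;      /* the child's loader would honour this one */
        else
            *dst++ = *src;  /* keep everything else in original order */
    }
    *dst = NULL;
    return removed;
}

int main(void)
{
    /* Constructed sample environment, not taken from the post. */
    char *env[] = { "PATH=/usr/bin:/bin", "LD_LIBRARY_PATH=/tmp/lib",
                    "HOME=/root", "LD_PRELOAD=/tmp/constructed.so", NULL };
    char **e;

    /* Setuid wrapper itself: ruid 1000, euid 0, so the ids differ. */
    printf("wrapper: loader ignores LD_* = %d\n",
           loader_ignores_ld(1000, 0, 100, 100));
    /* Child after the wrapper set both uids to 0: the ids now match. */
    printf("child:   loader ignores LD_* = %d\n",
           loader_ignores_ld(0, 0, 100, 100));

    printf("removed %d LD_* entries; child environment:\n", scrub_ld_env(env));
    for (e = env; *e != NULL; e++)
        printf("  %s\n", *e);
    return 0;
}
```

The second line of output is the case the post describes: once the uids match, the child passes the loader's test, so the variables have to be gone before the exec.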