I am posting this on behalf of Novell Technical Support. Please contact them directly if you have any questions; if you must reply to me, I will forward.

=======================================================================

Recently, there were three security advisories posted on the "net" associated with several versions of the Unix Operating System. These advisories are related to the following:

    /usr/lib/sa/sadc      The command is sgid-on-exec to "sys"
    /usr/sbin/urestore    The command is suid-on-exec to "root"
    suid_exec feature     This pertains to "ksh".

One of the operating system versions affected was the UnixWare 1.1 product distributed by Novell, Inc. Listed below are the results of the investigation that took place concerning the affected binaries:

With respect to the "sadc" problem, the "sadc" binary in the UnixWare 1.1 product has been modified such that it no longer poses a security threat. This modification is provided as PTF683 and is available from Novell Technical Support at (800) 486-4835.

With respect to the "urestore" problem, this requires an attribute modification to remove the suid-on-exec bit. The functionality of "urestore" should remain unchanged. This modification is also included in PTF683.

The last advisory, suid_exec for ksh, does not apply to the version of "ksh" supplied with the UnixWare 1.1 product. This advisory relates to a feature in "ksh" that allows for the execution of suid-on-exec shell scripts. Since the UnixWare 1.1 product provides this capability in the exec(2) system call in the kernel, the UnixWare 1.1 product does not need to set that DEFINE value when compiling "ksh" to achieve this capability and hasn't since SVR4.0.

Novell, Inc. has sent source fixes to all SVR4.0, SVR4.2, and SVR4.2MP OEM customers for both the "sadc" and "urestore" advisories. These vendors should be making them available to licensees of their SVR4.X-based operating systems. If you are using any of the versions mentioned above, you should contact the appropriate vendor to obtain their official update.
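
One way to check the file-mode part of this advisory on a live system or a mounted image, as an added example that is not Novell's code and not the contents of PTF683. The function names, the `--run` switch and the optional root-prefix argument are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: report the set-id state of the two binaries named in the
# advisory. It inspects mode bits only and does not apply any fix.

# setid_state FILE: print "suid", "sgid", "suid+sgid", "none" or "missing".
setid_state() {
    state=""
    if [ ! -e "$1" ]; then
        echo "missing"
        return 0
    fi
    if [ -u "$1" ]; then state="suid"; fi
    if [ -g "$1" ]; then state="${state:+$state+}sgid"; fi
    echo "${state:-none}"
}

# audit_advisory_files [ROOT]: ROOT is a hypothetical prefix (for example a
# mounted image); empty means the live system. Returns 1 if urestore still
# carries the suid bit that the advisory says is removed.
audit_advisory_files() {
    root=${1:-}
    rc=0
    sadc_state=$(setid_state "$root/usr/lib/sa/sadc")
    ures_state=$(setid_state "$root/usr/sbin/urestore")
    # sadc: the advisory replaces the binary, so mode bits alone cannot
    # confirm the fix; the state is reported for manual review only.
    echo "sadc: $sadc_state (review: confirm the updated binary is installed)"
    case $ures_state in
        suid*) echo "urestore: $ures_state (FAIL: suid bit still set)"; rc=1 ;;
        *)     echo "urestore: $ures_state (ok)" ;;
    esac
    return $rc
}

# Audit only when asked: "script --run [ROOT]".
if [ "${1:-}" = "--run" ]; then
    audit_advisory_files "${2:-}"
fi
```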