How does one go about determining the dangerousness of the (ex)preserve holes? I notice on my SunOS 4.1.x systems that both expreserve and exrecover are suid root, but I assume that the latest versions of either the editors or the OS ignore this when playing with the IFS variables. Please tell me this is a correct assumption! I'm not sure if our friends at 8lgm etc. have a script for this, but I'm curious as to the ongoing danger of these holes. I've basically battened down the hatches on my sunos 4.1.3_U1 system to the point where all of the previously distributed exploits fail on my hardened system (please note that EVERY ONE SUCCEEDS on a stock sunos 4.1.3_U1 out of the box, with no modifications - be very, very scared!). However, when scanning for suid(0) programs, I noticed these two little jewels. Any comments? P.S. What is the official verdict on the little snippet of code posted by SCTC? Do the code jockeys amongst us accept this as legit? To think all I needed to do was type this in, avoid the root account watching my every keystroke, telnet to the supervisor machine before root disconnected my session and/or killed the process, hope that the site didn't mysteriously exhibit "PPP link problems" at that crucial moment, assume that there was in fact a cookie program on the other end, and I would have won a lovely leather jacket. Simple, really. Cheers, Matthew (matt@worldlinx.com)