Matthew Harding wrote: >How does one go about determining the dangerousness of the (ex)preserve >holes? I notice on my SunOS 4.1.x systems that both expreserve and >exrecover are suid root, but I assume that the latest versions of either >the editors or the OS ignore this when playing with the IFS variables. >Please tell me this is a correct assumption! I'm not sure if our >friends at 8lgm etc. have a script for this, but I'm curious as to the >ongoing danger of these holes. I know that the unpatched Sun 4.1.? version of expreserve also suffered from a race condition where you could trick it into writing it's tempfile onto a symlink to a root owned file. The patch number is 101579-01 (It's on the Solaris 1.1.1 Recommended Patches list.) Some of the free UNIX OSs (FreeBSD and NetBSD) as recently as like a year ago still had a setuid expreserve that called system(3) to send notification mail. (They have since switched to nvi, which has a far superior method of handling editor preserves). -- William McVey Instructional Labs Administrator Purdue Universtiy CS Dept.