> Looks to me as though exec() sets the UID on the process per setuid > bits before it checks for arguments too long, and doesn't take care to > undo this properly in that case. > [..] > > Depends on where the bug came from. If it's one of those ever-since-V7 > bugs it should be widespread; if it's a fumble-fingers mistake from > BSDI it's probably not elsewhere. I'm sure everyone can imagine > variations. I'm certainly going to test _my_ systems! It might be a fumble at sctc when adding the type system. Ie: exec() sets type to mail, exec fails, type remains in place. > der Mouse > mouse@collatz.mcrcim.mcgill.edu