Hello, A while ago I mailed about ff.core and wsinfo security problems on Solaris 2.3. At the time many people replied saying either get patch 101889 or upgrade to Solaris 2.4. ["ff.core contains 2 security bugs -- both are patched in Solaris 2.4"] I've just installed Solaris 2.4, installed the patch cluster supplied, and also installed a couple other patches. I can still crash both ff.core and wsinfo with ease. Wsinfo dumps core too - as group sys. I looked at couldn't find patch 101889 integrated into Solaris 2.4. Infact that last listed was 101888. I haven't investigated any futher (ie attempted exploits), but I'd guess that the upgrade from 2.3 to 2.4 had now recreated the bug :-( Surely it can't be that hard to fix it for Solaris 2.4 too! Wsinfo doesn't appear to be mentioned in any patches. I guess it's not been fixed. I've no idea whether there's a hole in it or not - just that I have a deep distrust of setuid/setgid programs that core dump. Finally, my newly upgraded system appears to have /usr and /usr/sys (probably others too) in group sys and group writable. I chmoded this, but then a subsequent installpatch set them back again. Is there a database online somewhere that I can correct this information in to prevent installpatch doing this? James