>> Does anybody have information about the Solaris 2.4 bug fixed in the >> patch Patch-ID# 102044-01 : >> SunOS 5.4: bug in mouse code makes "break root" attack possible > The bug was in Solaris 2.3 and yes it was the mouse driver. > I'm still mulling over the propriety of posting the 3 line C program > that expliots this hole and gives any user root. Personally, I'd advise against posting it - but some description of the bug would be appreciated. (Does some ioctl not check its arguments sufficiently stringently, for example?) Or if you don't understand it and don't want to go to the trouble to figure it out, I'm sure someone with a Solaris 2.3 system would volunteer to do so. I'd volunteer myself except that I don't have access to any such system. der Mouse mouse@collatz.mcrcim.mcgill.edu