>> >> the other day, i happened to join a conversation about Unix security with >> a couple of fellows at a local bookstore. one of them mentioned the "magic" >> hole. i have heard mention of this hole before, but i assumed the hole >> no longer existed. apparently, this was a hole in /bin/login. > >This is probably associated with the MAGIC PID SUBSYSTEM which has >been implemented on a number of popular UNIX's. Basically processes >that acquire a MAGIC PID have special powers and can do 'magical' things. > >If a hole is found in a program (such as /bin/login) which is executing >in a process with a MAGIC PID, it is said to have a 'magic hole'. > >LINUX is generally recognised as having the most complete MAGIC PID >implementation. The benefits of MAGIC PIDs was discussed widely on IRC's >#unix and #root about 12 months ago. For more info, I guess you could >try the usenet LINUX or security groups. gee like what magical things? please more detail.. -Pete