> > I'm sorry if this has been discussed before. > > There is a major security problem with auditing under solaris 2.3 > and 2.4. If you run bsmconv to turn on auditing, any user can > break root very very easily. I'ld say more but I'ld like to give > sun at least a little bit of a chance to fix it first. > > I have access to the source code for the os and have tracked down > the one line of bad code. How can I contact Sun to tell them the > problem with this line of code????????????? Send email to info@iss.net with the following in the body of the message: send vendor for faq This will send you the FAQ for various vendors to get in touch with. You can also email Sun at security-alert@sun.com and I am sure Mark Graff can help you. Chris -- Christopher William Klaus Voice: (404)441-2531. Fax: (404)441-2431 Internet Security Systems, Inc. Computer Security Consulting 2000 Miller Court West, Norcross, GA 30071