>I don't have access to AIX, so I can't read the vmount() docs, so this
>may be a non-issue...but unless it enforces "nosuid,nodev" for non-root
>mounts, there are much greater problems - like someone mounting a
>filesystem providing suid executables, or device special files with
>permissive mode bits.

According to the vmount() documentation in Info-Explorer here (AIX 3.2.5):

"A mount to a directory or a file can be issued if the user has both of the
following:

- Search permission to the directory or file to mount
- Search and write permission to the directory or file to mount over.

To mount a block device, remote file, or remote directory, the calling
process must also have root user authority."

>(Note that if, as the first message implies,
>vmount() allows the mounting of a daemon on a directory, then these
>executables and/or special files do not have to actually exist
>anywhere; root access on another machine is not needed.)

I'm not sure I understand exactly what you mean by "mounting of a daemon on
a directory", but it sounds like what IBM would refer to as writing your own
"virtual file system helper". In AIX, entries for these have to be added to
/etc/vfs, which shouldn't be writeable by normal users.

Andrew.
--
+-----------------------------------------------------------------------------+
| Andrew Dawson, Systems Integration Section, Operating Systems Group         |
| Information Systems Division, University College London                     |
+-----------------------------------------------------------------------------+