>> The following is somewhat of a security hole in Solaris 2.x which >> allows any non-root user to remove themselves from /var/adm/utmp[x] >> files (who, w, finger, etc). [snip] > I tried this under Solaris 2.4 on an Intel box. It worked. [snip] > Anyone think a CERT advisory should be issued for this?? I do. Evasive maneuvers are the start to serious cracking.... the "feature" should be removed from the OS, and an advisory is a good way to post a red flag in Sun's to-do list my opinion anyway. dct