> Obbug: I have noticed this on SunOS 4.1.3 running X11R5 and
> motif 1.2.3. Anyone can get limited (possibly more) access to the
> system if:
> - There is a ".xsession" file that is world readable in the root "/"
>   directory (i.e. 644 as usual)
> - Sync account is left with default passwd entry of
>   "sync::5:1:/:/bin/csh" (i.e. Which is the Sun install default)

If my memory serves me well, the SunOS 4.1.x default passwd entry for
sync is: "sync::1:1::/:/bin/sync". Am I wrong?

Sure, this should be fixed because of things you show and the
LD_LIBRARY_PATH bug. .xsession exploit is fine, but I've never
seen .xsession file in root directory.. :)

Thanks!
--alex.

--
Alexander L. Haiut               +971-7-461658
Math & CS System group           alx@cs.bgu.ac.il
Ben-Gurion University, Israel    http://www.cs.bgu.ac.il/~alx/
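
Added example, not part of the original message: a small audit of passwd-format lines for the condition discussed above, an account with an empty password field, rated by whether its shell is a real login shell. The function name, the NON_LOGIN_SHELLS list and the third sample line are assumptions of this example; the first two sample lines are the entries quoted in the message.

```python
# Shells that do not give an interactive session (assumed list for this example).
NON_LOGIN_SHELLS = {"/bin/sync", "/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}

# Lines 1-2 are the entries quoted in the message; line 3 is constructed.
SAMPLE = """\
sync::5:1:/:/bin/csh
sync::1:1::/:/bin/sync
root:*:0:0:Operator:/:/bin/csh
"""

def audit_passwd(text):
    """Return (lineno, user, severity, note) for each entry worth a look."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        # Skip blanks, comments and NIS include/exclude markers ("+", "-").
        if not line or line.startswith(("#", "+", "-")):
            continue
        fields = line.split(":")
        if len(fields) < 6:
            findings.append((lineno, fields[0], "malformed", "too few fields to audit"))
            continue
        user, password = fields[0], fields[1]
        # Take home and shell from the end so an entry that is missing
        # the GECOS field (6 fields) is still audited.
        home, shell = fields[-2], fields[-1]
        if password != "":
            continue
        severity = "low" if shell in NON_LOGIN_SHELLS else "high"
        note = "empty password, home=%s, shell=%s" % (
            home or "?", shell or "/bin/sh (default)")
        if len(fields) != 7:
            note += ", %d fields instead of 7" % len(fields)
        findings.append((lineno, user, severity, note))
    return findings

if __name__ == "__main__":
    for finding in audit_passwd(SAMPLE):
        print(finding)
```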