> People with local ftp access can use the filedescriptors in /proc of > the iwu.)ftpd process (which is running under their euid) to read and append > to files to which they should not have access. This gives write permission > to /var/adm/wtmp and read access to /etc/shadow, if your ftpd is hacked > in a 'dirty' way to incorporate shadow passwords. The 2.4 version also > gave write access to /var/adm/xferlog. A friend of mine reported write > access to /etc/ftpconversions (with possible root vulnerabilities), but > I have not been able to repeat that (2.4.2 beta 4 appears to be safe in > this) Maybe I'm completely missing the point, but wouldn't this help? linux# chown root.kmem /proc linux# chmod 750 /proc And then sgid kmem all the binaries that need /proc access: linux# chown root.kmem `which w` `which ps` `which top` (etc) linux# chmod 2755 `which w` `which ps` `which top` (etc) This restricts ordinary users from wandering around in /proc, and thus being able to access the "unclosed" files. James -- James Abendschan jwa@nbs.nau.edu Will Hack For Food <a href="http://www.nbs.nau.edu/~jwa">Zero Funk Kick</a>