Michael said: > I tried this attack on /usr/bin/ps and /usr/ucb/ps, and it > works on both of them. This makes me think that more than > just solaris 2.x machines are vulnerable (depending on the > /tmp sticky bit). I did a little poking around myself. SunOS 4.x's "ps": isn't suid root doesn't open any file in /tmp and even if it did, /tmp has the sticky bit set So only SunOS 5.x seems involved insofar as SunOS is concerned. I checked my HP's, and their ps is also not suid root, so they should be safe. True? dct