Joy of joys. After running lsof (the security program identified by the CERT that lists open file) I found the following file: -rw-rw-rw- 1 root 8025 Aug 24 04:10 /tmp/.lsof_dev_cache This file appears to hold pointers into device files, memory maps, etc. which lsof reads the next time around. It could be very dangerous since lsof normally runs as root. Please tell me I'm wrong and it's not a hazard. -- -> See: Info-Sec Heaven at URL http://all.net Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236