>Why in all this telnetd flap has nobody mentioned that /bin/login should >be relinked STATICALLY? That at least defers the LD_* class of problem >until after login has done the setuid and exec, but still leaves things >like IFS passed to scripts. Unfortunately, we can't do that. Too much *requires* static dynamic linking, and in future even more will be required. (Pluggable Authentication Modules) BTW, login does filter other bad variables such as PATH, IFS and SHELL. Casper