> A while ago, there was a discussion about gaining root access via suid
> programs through exploiting libcrypt.so.*. Well, since the libraries
> are installed with owner bin (group bin), it appears that if you are
> able to become bin on a system, gaining root is trivial.

if you are able to gain user 'bin', you can do damn near anything
you want.  have you looked at the ownership of /bin/sh lately?


cgd

------------------------------------------------------------------------------