Subject: Re: bin/4489: /usr/games/fish allows setuid games binaries to be created by unprivileged user
To: Jon Ribbens <jon@oaktree.co.uk>
From: Andrew Brown <codewarrior@daemon.org>
List: tech-security
Date: 11/18/1997 18:07:36
>> >This isn't just an esoteric problem. I wonder how many people have
>> >'fortune' in their /etc/profile? Wouldn't take you long to get a root shell.
>> 
>> This is a bit of a red herring; fortune(6) isn't controlled by dm.
>
>Oh, um, you're right. I was sure I'd checked that ;-) :(.

but...as was already pointed out, fortune is *owned* by games.  get
the games uid, usurp the binary, get root after the next time root
logs in (assuming that fortune is run from /etc/profile or
/etc/csh.login).

-- 
|-----< "CODE WARRIOR" >-----|
andrew@echonyc.com (TheMan)        * "ah!  i see you have the internet
codewarrior@daemon.org                               that goes *ping*!"
warfare@graffiti.com      * "information is power -- share the wealth."
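
A defensive check for the situation this message describes, as an added example that is not part of the original post: it reports commands started from login scripts such as /etc/profile or /etc/csh.login whose binary, or the directory holding it, is owned by a uid other than the trusted one (for example games) or is group/world writable. The function names and the first-word parsing heuristic are assumptions made for this example.

```shell
# audit_login_cmds TRUSTED_UID SEARCH_PATH SCRIPT...   (hypothetical helper)
# Reports every command started from a login script whose binary, or the
# directory holding it, is not owned by TRUSTED_UID or is group/world
# writable. Returns 1 if anything was reported.
# Heuristic: only the first word of each script line is treated as a command.

# Print why a path is untrusted; print nothing when it passes.
untrusted_reason() {
    # After set: $1 trusted uid, $2 path, $3 mode string, $4 links, $5 owner uid
    set -- "$1" "$2" $(ls -ldnL "$2" 2>/dev/null)
    [ -n "$3" ] || return 0
    [ "$5" = "$1" ] || { echo "owner uid $5"; return 0; }
    case $3 in
        ?????w*|????????w*) echo "group/world writable" ;;
    esac
}

audit_login_cmds() {
    trusted=$1 search=$2 found=0
    shift 2
    for script in "$@"; do
        [ -r "$script" ] || continue
        # Skip blank lines, comments and variable assignments.
        for cmd in $(awk 'NF && $1 !~ /^#/ && $1 !~ /=/ { print $1 }' "$script" | sort -u); do
            bin=
            case $cmd in
                */*) bin=$cmd ;;
                *)   old_ifs=$IFS; IFS=:
                     for d in $search; do
                         if [ -f "$d/$cmd" ] && [ -x "$d/$cmd" ]; then bin=$d/$cmd; break; fi
                     done
                     IFS=$old_ifs ;;
            esac
            [ -n "$bin" ] && [ -e "$bin" ] || continue
            # The directory matters too: its owner can replace the binary.
            for p in "$bin" "$(dirname "$bin")"; do
                why=$(untrusted_reason "$trusted" "$p")
                [ -z "$why" ] || { echo "$script: $cmd -> $p ($why)"; found=1; }
            done
        done
    done
    return $found
}

# On a live system (run as root): audit_login_cmds 0 "$PATH" /etc/profile /etc/csh.login
```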