Subject: Re: static vs. dynamic runtime linking, and silly 'ld -L' breakage
To: NetBSD Userlevel Technical Discussion List <tech-userlevel@NetBSD.org>
From: Greywolf <greywolf@starwolf.com>
List: tech-userlevel
Date: 01/30/2005 14:59:27
[Thus spake Greg A. Woods ("GAW: ") Yesterday...]

GAW:
GAW: > You link your program with
GAW: > 'cc -L/tmp/test suid-root-me.c -o /usr/bin/suid-root-me' and that
GAW: > looks innocent until the system cleans /tmp and the next unpaid admin
GAW: > logs into the system.
GAW:
GAW: Any admin, paid or unpaid, who runs a program that was not well
GAW: vetted to meet system security requirements deserves all the hell he or
GAW: she lets loose.
GAW:
GAW: There is nothing but a false sense of security on systems that are not
GAW: run by following a well designed security policy, one that covers how
GAW: software is built and installed _and_ used.
GAW:
GAW:

Tangential note:

After reading all this stuff about security this and security that, it's
clear to me that "security" is nothing more than an active part of the
marketroid lexicon.

The ultimate goal, I'm noting, is to make systems administration
into monkey-quality work, or to do away with it altogether.

To insist that that's even possible is complete and total folly.
SA is NOT grunt work, and you get what you pay for.

Instead of focusing on "security" in any meaningful way, many are content
to micro-manage the real meaning of "security" just for a buck.  The
sooner we get out of our delusional admin-less visions, the better off
we will be.

Never mind that yeah, I'm an SA, but I suspect so are many of the people
here.

SECURITY:
	- Always audit new software.
	- Do not use firewalls or DMZ boxes as dev platforms.
	- Do not allow dev boxes to play any meaningful role in production.
	etc.  (I'm sure any of us could expound on this.)

Back now to your regular thread.  Apologies for "hijacking" it.

				--*greywolf;
--
Theorem #1:  There are several ways to create a quantum black hole.
    - Butter a piece of bread and tie it, buttered side up, to a cat's back.
    - Launder any number of matched pairs of socks.
    - Divide by zero.  Someone will disappear.  It might be your lucky day.