On Aug 19, 10:58am, "Perry E. Metzger" wrote:
} Subject: Re: new rlogin security hole
} 
} VaX#n8 writes:
} > Anyone want to volunteer to help do security checks on all the
} > SUID programs?  I'd at least like to document why each one has to be
} > SUID (in the manpage), so you can decide if you need it SUID or not.
} 
} I'd say that an fgrep for strcpy, sprintf and a few others might get
} about 90% of the bugs...

Don't forget about all instances of these in library routines that
are called by SUID programs :-(

			---  Truck