I noticed that suexec doesn't abdicate the controlling terminal either, and I'd not be surprised to find out that non-suexec CGI invocation didn't do this either. The result is that I've just been able to escalate from local user --> root by writing a hostile CGI script - this is no longer just a case of having to find an exploit in apache itself. Richard