Can anyone reproduce this? Apache seems to have closed the tty fd well before running a CGI. I haven't been successful abusing it with TIOCSTI. Does anyone see a way that this is actually a security problem? -- Kees Cook @outflux.net