David Welton <davidw@gate.cks.com> writes: > You also have to look at what programs root runs on tainted data. > Remember the big fiasco with 'update' or whatever it was a while ago? > Didn't it turn out to be 'find' or something? Don't recall the > specifics, but it certainly wasn't an suid program. Is somewhere a list of programs considered safe to be called from privileged scripts etc.? -- Kalle Olavi Niemitalo <tosi@stekt.oulu.fi>, http://stekt.oulu.fi/~tosi/