Folks,
Someone forwarded me your mails to Bugtrack on this security problem.
What I can tell you is that this "SUID program dumping core and
following sym-links" problem is known about and a fix has been
already written and well tested. This fix has already been submitted
to the BL8 patch kit sources pools for the various V4.0* versions, and
is due for public release quite soon. You can get the BL8 patch
kit(s) for your version(s) either from the web (the usual place)
or from your local CSC.
Cheers,
John
--------------------------------------------------------
John McNulty | Email: jm@uvo.dec.com
UK CSC, Unix Support Group | Tel: (44) 1256 373862
Digital Equipment Corporation | DTN: 833-3862