Since enough of you have asked, here we go:

The error was that I didn't follow my own directions for setting up the setUID area on the server. Instead, I made the www user the same ID as another user, I made /bin/sh in the setUID area executable by the world, and I made /bin/sh in the setUID area owned by the www user. Having done all three of the things you have to do to make a program executable by an outsider, the program became executable.

The setUID environment left no way to expand the privilege, so even after not following directions and doing something extraordinarily stupid, the protection still held, but in order to protect against people as dumb as the designers, we made a change by removing the unnecessary execution capability of the get-only server.

As a side issue, and one that I think is interesting and important, we are now developing a "POST-only" server to go along with the get-only server. The philosophy is that the environment suitable for outsiders to execute programs is much different from the one suitable for them to read files. By separating these environments, I think we can get far greater security while retaining the same functionality.

--
-> See: Info-Sec Heaven using our New Super Secure World-Wide-Web Server
-> Free: Test your system's security (scans deeper than SATAN or ISS!)
---------------------- both at URL: http://all.net ----------------------
-> Read: "Protection and Security on the Information Superhighway"
         John Wiley and Sons, 1995 ISBN 0-471-11389-1, 320 pp, $24.95
-------------------------------------------------------------------------
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236
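An added example, not part of the original message: a Python audit for the three conditions the post lists (the server account sharing a UID with another account, a world-executable file in the server's area, and a file there owned by the server's account). The function names and the passwd sample are constructed for illustration, and the area path and server UID are supplied by the caller.

```python
import os
import stat
from collections import defaultdict

# Constructed sample in passwd(5) format: "www" shares UID 1001 with "alice".
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
alice:x:1001:1001::/home/alice:/bin/sh
www:x:1001:1001::/nonexistent:/bin/false
"""

def shared_uids(passwd_text):
    """Return {uid: [names]} for every UID assigned to more than one account."""
    by_uid = defaultdict(list)
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2].isdigit():
            by_uid[int(fields[2])].append(fields[0])
    return {uid: names for uid, names in by_uid.items() if len(names) > 1}

def audit_area(root, server_uid):
    """Walk the server's file area and report regular files that are
    executable by others and/or owned by the server's UID."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: do not follow symlinks out of the area
            if not stat.S_ISREG(st.st_mode):
                continue
            issues = []
            if st.st_mode & stat.S_IXOTH:
                issues.append("world-executable")
            if st.st_uid == server_uid:
                issues.append("owned-by-server-user")
            if issues:
                findings.append((os.path.relpath(path, root), issues))
    return sorted(findings)

if __name__ == "__main__":
    import sys
    print("shared UIDs:", shared_uids(SAMPLE_PASSWD))
    if len(sys.argv) == 3:  # usage: audit.py <area-root> <server-uid>
        for path, issues in audit_area(sys.argv[1], int(sys.argv[2])):
            print(path, ",".join(issues))
```

A file that reports both issues inside the area, combined with a shared UID for the server account, matches the full set of conditions the message describes.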