Re: imapd4r1 v12.264 and Security Implications
(there are far too many packages to remember them all ;-))). Let's hope that the code of that one is better ... well, time to do a source code audit :( *sigh*

Slightly off topic, but I've been hearing on and off about automated apps that search C source code for "gross violations" of a security nature (improper buffer checking comes to mind here) in the so-called underworld.
Well, do you mean tools such as ITS4 (http://www.rstcorp.com/its4/), which may help you do a security audit? But I do not have any experience with it. Marc? Thomas?
I checked it out and it is not that useful, because too many false alarms are generated and it only checks for a small portion of vulnerability types. And it's something Thomas and my scripts are already doing as well.

Greets,
Marc

--
Marc Heuse, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg
E@mail: marc@suse.de Function: Security Support & Auditing
"lynx -source http://www.suse.de/~marc/marc.pgp | pgp -fka"
Key fingerprint = B5 07 B6 4E 9C EF 27 EE 16 D9 70 D4 87 B5 63 6C