This way of attack seems useless to me. This is also used on RH 8.0 systems, and for both 8.0 and 9 systems: drwx------ 4 root root 4096 Jun 27 08:43 /var/run/sudo Which means that if the packages are properly built (and will make sure that this directory gets this permissions if it existed before the rpm is installed), this attack will gain you nothing, since you need to be root to exploit it. If you can get root access to make this attack possible, then you might as well launch a shell instead. Carlos
