Hello fellow Linux and probably other unices supported by OpenSSH portable. C hackers here, anybody else see that recent OpenSSH vulnerability? Is it just me or was it just a bad idea to use system(3) there. I read the upstream advisory, and it's kinda funny that they talk about *blacklist* a bunch of chars in there instead of using execlp/fork or popen and friends? Regards, Alex Pilon P.S. Bruce. I'll get to your other email some time soon. Work.