Chris Angelico <rosuav at gmail.com>: > The real question is: How malicious can your users be? Oh, yes, the simple way to manage the situation is for the server to call seteuid() before executing the code after authenticating the user. Marko