mkpasswd: acutally its worse than just not many passwords
due to a fault in expect the interpreter that runs the mkpasswd script it is trivially easy to cause arbitrary commands to be executed by someone else. under RH7.0 anyway the search path for libs for it includes /var/tmp/ check out http://bugzilla.redhat.com/bugzilla/showbug.cgi?id=28224 for...