From: bir7@leland.stanford.edu Subject: Re: Patch to fix vhangup() Date: 15 Feb 1993 22:34:52 -0500
| Ross and I have talked this over (quite extensively) over private email,
| and I believe I've managed to convince him that the security hole is not
| much bigger than what was there before. Also, the current
| implementation of vhangup() suffers from a serious defect, in that it
| can cause unspecting programs to scribble over the wrong files.
I agree that vhangup was broken and this is problably less so;
however I'm not entirely convinced there are no holes. Basically it
leaves the ioctl's around for anyone to mess with which IMHO is very
bad. Also I believe that the screen dumping opens up some potential
"covert channels" and should only be able to be run on another console
or by root (might allow for a print_screen daemon).
Ross