Interactive shells in emacs: a security problem?

Benson I. Margulies benson at odi.com
Sun Aug 27 08:12:46 AEST 1989


In article <2255 at umbc3.UMBC.EDU> mark at umbc3.umbc.edu.UMBC.EDU (Mark Sienkiewicz) writes:

Here's how Multics dealt with this class of issues:

First: all terminal devices were owned by the Initializer. (think of
it as init.)

Second: if a user process wanted a terminal, like a dial-out or 
a pty-equivalent, it had to ask the Initializer via IPC. (imagine
a server on a Unix-domain socket.)

Third: When a user got a terminal, they only got it until it hung up
or their process went away. Then the Initializer regained control and
got to reset the thing to a clean state.

Fourth: for pty-like entities, which I have to admit were not
extensively used by nonprivileged code, the two ends were maintained
in suitable access control parallel.

I've always thought that Unix needed a pty allocation management
scheme, to avoid problems of hogging, to avoid access control problems,
and to get utmp and such management to work without any setuid stuff.
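
The allocation scheme described in the post above, sketched as an added example; it is not part of the original post and is not Multics or BSD code. The PtyBroker class, the ALLOC/OK/DENIED/BADREQ messages and the MAX_LEASES quota are hypothetical names chosen for illustration.

```python
import os, socket, termios

MAX_LEASES = 2   # assumed per-client quota, to stop one client hogging ptys

class PtyBroker:
    """Hypothetical broker: owns every pty and leases both ends to clients."""

    def __init__(self):
        self.free = []     # reclaimed ptys: (master_fd, slave_fd, clean_attrs)
        self.leases = {}   # client connection -> ptys currently leased to it

    def handle(self, conn):
        """Serve one request; an empty read means the client went away."""
        msg = conn.recv(16)
        if msg == b"ALLOC":
            return self.allocate(conn)
        if msg == b"":
            return self.reclaim(conn)
        conn.send(b"BADREQ")
        return None

    def allocate(self, conn):
        held = self.leases.setdefault(conn, [])
        if len(held) >= MAX_LEASES:
            conn.send(b"DENIED")
            return False
        if self.free:
            pty = self.free.pop()
        else:
            master, slave = os.openpty()
            pty = (master, slave, termios.tcgetattr(slave))  # clean baseline
        held.append(pty)
        # Pass both ends over the Unix-domain socket (SCM_RIGHTS).
        socket.send_fds(conn, [b"OK"], [pty[0], pty[1]])
        return True

    def reclaim(self, conn):
        """Reset every pty the departed client held and return it to the pool."""
        ptys = self.leases.pop(conn, [])
        for master, slave, clean in ptys:
            termios.tcflush(slave, termios.TCIOFLUSH)         # drop stale input/output
            termios.tcsetattr(slave, termios.TCSANOW, clean)  # undo the client's modes
            self.free.append((master, slave, clean))
        conn.close()
        return len(ptys)
```

A descriptor passed to a client cannot be taken back by closing the broker's copy, so a real broker would also need revoke(2) or vhangup(2) at reclaim time; the sketch covers only the lease bookkeeping, the quota and the reset.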



More information about the Comp.bugs.4bsd.ucb-fixes mailing list