BSD tty security, part 3: How to Fix It

[Dan Bernstein]

In article <19309 at rpp386.cactus.org> jfh at rpp386.cactus.org (John F Haugh II) writes:
> It's obvious that you are thinking a lot harder than Dan, but it
> isn't clear that you understand the nature of the problem.  A SAK
> squence must be absolutely uninteruptable (for lack of a better
> word).

John, I am assuming the existence of a well-known SAK for a given line,
and pointing out how it can be used to increase security. You're
attacking the mere concept of an SAK. As Multics and several other
operating systems showed quite clearly, SAKs do exist, so any arguments
to the contrary are wrong.

> But SAK alone is not the end-all to security.  You also need an
> application that can do useful things with SAK, and Dan's suggestion
> that every SAK kills everything on the line is just too gross.

I have never made any such suggestion, and I despise the way that you
have misrepresented my proposals. I advise readers to check my postings
rather than believing John's statements about them.

(What I actually suggested is that SAK disconnect the current session.
This means that the user can later log in again and reconnect, resuming
work where he left off. For further details on session management, see
my pty paper, Bellovin's session manager paper, or VMS documentation.)

---Dan