Subject: re: $HOSTALIASES thing.
To: None <>
From: matthew green <>
List: tech-kern
Date: 11/05/2000 01:03:03
   	still, a bad guy can write an application just for overflowing /var.
   	with setuid'ed xterm, it is not really possible (bad guy may be able to
   	start as many xterm as I can).  i don't have the complete solution
   	anyways but i think it still better to use setuid'ed xterm (of course,
   	xterm should drop setuid earliest possible).

this is false.  i can overflow /var on any machine that makes a log entry
for some action i can take as many times as i like.  eg, logger(1).

xterm is a program we should *definately* want to remove any privs from.