Subject: re: $HOSTALIASES thing.
To: None <email@example.com>
From: matthew green <firstname.lastname@example.org>
Date: 11/05/2000 01:03:03
still, a bad guy can write an application just for overflowing /var.
with setuid'ed xterm, it is not really possible (bad guy may be able to
start as many xterm as I can). i don't have the complete solution
anyways but i think it still better to use setuid'ed xterm (of course,
xterm should drop setuid earliest possible).
this is false. i can overflow /var on any machine that makes a log entry
for some action i can take as many times as i like. eg, logger(1).
xterm is a program we should *definately* want to remove any privs from.