D. Hugh Redelmeier (sometimes maintainer of Jove, current Linux FreeSWAN
pluto maintainer) pointed out to me last night at a party that there was no
race-condition free way for a non-root process (e.g. Jove, emacs, screen,
expect) to allocate a pty, since non-root can't chown() it, and thus can not
call revoke(2).

  DHR suggests that openpty(3) could invoke a setuid helper program like it
does on SVR4 to do this. My thought is that we should really have /dev/pts 
or some such that does the allocation, and does the chown() automatically.

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy");  [