Subject: Re: xterm
To: Jim Reid <jim@mpn.cp.philips.com>
From: Jim Wise <jimw@numenor.turner.com>
List: netbsd-users
Date: 09/16/1997 14:51:51

On Tue, 16 Sep 1997, Jim Reid wrote:

> 8 years now. Sure, that means that it could be possible for people to
> send evil control command sequences to the pty. However, this IMHO is
> less of a risk than running a big, complex program as root when the
> program doesn't really need that privilege and therefore may well have
> unanticipated security holes in it. Writing *secure* setuid programs
> is hard, even for trivial applications. Doing this for xterm must be
> incredibly difficult.

Hold on!  Granted, having xterm suid is a bad idea, but are you really
suggesting it is worse than leaving xterm's pty's open?  Without
adequately protecting these pty's, any user can issue any command as the
owner of the xterm -- and you consider this a security _improvement_?

The `right' answer would be to have a small suid program execed by xterm
to do its dirty work, but if you are going to run xterm as it now
exists, you are, in fact, much more secure running it suid.  (Another
good argument against using xterm at all, IMHO ... not that I don't)

--
				Jim Wise
				jim.wise@turner.com