On Sun, 27 Nov 1994 00:30:27 -0700 
 Theo de Raadt <deraadt@fsa.ca> wrote:

 > > - Btw, while I'm asking, if new distribution kernels are re-gen'd, can I beg
 > >   (pretty please (-: ) that they be built with "options UCONSOLE", so that
 > >   "xconsole" will work out of the box?  All the other i386 kernel config files
 > >   seem to use it, and the only way to make "xconsole" work otherwise is to
 > >   make it setuid root, which not only makes me nervous but makes it possible
 > >   for other people to grab the console by running it (presumably they'd be
 > >   rejected by xauth-based mechanisms in the normal non-setuid case).

Or just run `xterm -c'  Works terrific - xterm is setuid-root.

 > 
 > As far as I am aware, defining UCONSOLE allows anyone to write a
 > 10-line program that will grab the console.
 > 
 > When UCONSOLE is undefined, only root can grab the console.
 > 
 > Do you really want me to open up this security hole? (If we had
 > something like fbtab I think it would be OK.)

--------------------------------------------------------------------------
Jason R. Thorpe               thorpej@cs.orst.edu                 758-2003
OJGSE NERO Project               CSWest Room 5                    737-5567
Shared Computing Environment Group         http://www.cs.orst.edu/~thorpej