Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!purdue!bu-cs!bloom-beacon!mit-eddie!mit-amt!mit-caf!vlcek
From: vlcek@mit-caf.MIT.EDU (Jim Vlcek)
Newsgroups: comp.unix.questions
Subject: Programmable function keys
Message-ID: <3055@mit-caf.MIT.EDU>
Date: 26 Aug 89 02:21:53 GMT
Reply-To: vlcek@mit-caf.UUCP (Jim Vlcek)
Organization: Microsystems Technology Laboratories, MIT
Lines: 14

On the security problem arising from programmable function keys being
reprogrammed by output from programs like finger or cat, I think that
the fault here lies with the too-trusting terminal, not with Unix
terminal drivers.  The normal operation mode of a terminal, it seems
to me, should be to ignore attempts to reprogram it from its serial
port, and to accept such attempts only when configured to do so.  Such
configuration, of course, would be a setup option.

The ideal terminal would demand a password to reprogram any keys or
configure the terminal to accept programming over the serial line.
This would disallow coworkers from rebinding F10 from "logout<CR>" to 
"rm -rf .", or something similar, while you're out getting coffee.

Jim Vlcek (vlcek@caf.mit.edu  uunet!mit-caf!vlcek)