Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!swrinde!zaphod.mps.ohio-state.edu!sol.ctr.columbia.edu!emory!mephisto!rutgers!att!watmath!maytag!watdragon!jmsellens
From: jmsellens@watdragon.waterloo.edu (John M. Sellens)
Newsgroups: comp.windows.x
Subject: xterm - security hole if escape sequence returned DISPLAY??
Message-ID: <1990May8.015106.23796@watdragon.waterloo.edu>
Date: 8 May 90 01:51:06 GMT
Distribution: comp
Organization: University of Waterloo
Lines: 20

We were thinking of adding an escape sequence to xterm to return the
DISPLAY name, but xterm/misc.c contains this comment at the appropriate
point:
    /*
     * One could write code to send back the display and host names,
     * but that could potentially open a fairly nasty security hole.
     */
and it's not obvious to me how this would be a security hole. If
people can write to your terminal then you're in trouble already, and
the DISPLAY name doesn't seem to me to be a big secret i.e. it probably
appears in rwho, or utmp entries already.

Can anyone elaborate on this for me?  I'll be happy to summarize any
replies I get.

Much obliged,

John Sellens
University of Waterloo
jmsellens@dragon.waterloo.edu