Path: utzoo!mnetor!tmsoft!torsqnt!news-server.csri.toronto.edu!clyde.concordia.ca!uunet!vicorp!root
Newsgroups: comp.windows.x
Subject: Re: Security problem with xterm?
Message-ID: <1990Jul16.080220.18747@vicorp.com>
Date: 16 Jul 90 08:02:20 GMT
References: <1990Jul10.002705.13718@cs.umn.edu> <9007101330.AA18616@expire.lcs.mit.edu> <1990Jul11.195550.8608@cs.umn.edu>
Organization: College of Engineering, Maryversity of Uniland, College Park
Lines: 27

In article <1990Jul11.195550.8608@cs.umn.edu> brsmith@cs.umn.edu (Brian R. Smith) writes:
>rws@EXPO.LCS.MIT.EDU (Bob Scheifler) writes:
>> Is that too complicated?
>Er - one vote here for "yes".
>
>As long as you're whipping up another client to grab the console output,
>why not just let it run all the time?  Like (sortof) what NeXT has.

(if this sounds like a flame, it isn't, I just feel strongly about this)

Because it would be very hard for people to design, test and use a better one.
Given the two choices: (a) it is very hard to figure out how to replace the
xconsole, and (b) it is easy to replace xconsole, if you are root, or if you
know how to break into root and don't care about getting cought, I would pick
(a).  I don't want to be stuck with whatever the people at MIT write in 15 min
because there was something more important to fix in the dix code for 2 years.
I want to be able to fix it.  I want other people to be able to fix it.  I
want other people not to bug me because I decided the "best" xconsole for 200+
computers is not the one they think is best for them.  No way.

Isn't "mechanism not policy" ("tools not rules") a major X design goal?
-- 
           stripes@eng.umd.edu          "Security for Unix is like
      Josh_Osborne@Real_World,The          Mutitasking for MS-DOS"
      "The dyslexic porgramer"                  - Kevin Lockwood
"Don't try to change C into some nice, safe, portable programming language
 with all sharp edges removed, pick another language."  - John Limpert