Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sdd.hp.com!uakari.primate.wisc.edu!ames!haven!adm!news
From: sct60a.sunyct.edu!buck@sct60a.sunyct.edu (Jesse R. Buckley Jr.)
Newsgroups: comp.unix.questions
Subject: Re: Messages to the console
Message-ID: <25145@adm.brl.mil>
Date: 29 Nov 90 03:14:41 GMT
Sender: news@adm.brl.mil
Lines: 24

On Nov 27, 16:10, David Elliott wrote:
} [EDITED]
} Even assuming that Venkat has root priveleges, changing just any old
} program to be setuid can have serious consequences.  I recently found
} that a program that had been changed to setuid root for using the
} SVR4 real-time scheduler didn't deal with file access correctly, and
} could be used by anyone to overwrite any file in the system.
} 
} In this case, I believe it's better to use some connection to syslog
} (either the syslog subroutine or the logger program), since that will
} allow for configuration of the messages.  Programs (including parts
} of the kernel) should avoid writing directly to the console.
}-- End of excerpt from David Elliott


        OK OK, you got me!  I hadn't thought of that, and I should have said
something about security.  I did assume (I know.) that it was a isolated
program though.



-- 
-Buck                    ! User n.: A programmer who will believe 
(buck@sct60a.sunyct.edu) !          anything you tell him.