Xref: utzoo comp.unix.wizards:25424 alt.security:2462
Path: utzoo!utgpu!cs.utexas.edu!natinst!sequoia!rpp386!jfh
From: jfh@rpp386.cactus.org (John F Haugh II)
Newsgroups: comp.unix.wizards,alt.security
Subject: Re: BSD tty security, part 3: How to Fix It
Message-ID: <19250@rpp386.cactus.org>
Date: 6 May 91 13:10:34 GMT
References: <8993:May415:59:4491@kramden.acf.nyu.edu> <17916:May522:46:2091@kramden.acf.nyu.edu>
Reply-To: jfh@rpp386.cactus.org (John F Haugh II)
Organization: Lone Star Cat Emporium and BBQ Grill
Lines: 16
X-Clever-Slogan: Help Prevent Robbery. Tax the IRS.

In article <17916:May522:46:2091@kramden.acf.nyu.edu> brnstnd@kramden.acf.nyu.edu (Dan Bernstein) writes:
>It won't be any extra work if they pick the current maximum fd and
>kludge getdtablesize() to subtract 1 from its answer. In any case, all
>that's important for security is that *some* file descriptor be used
>rather than the old /dev/tty driver.

Naw, this is still more than you have to do. What happens if I move
u.u_ttyd from the u-page to the process table? The reason you want to
use a file descriptor is because the file table is accessible - u_ttyd
isn't. How about fixing that problem instead of creating another hack?
--
John F. Haugh II | Distribution to | UUCP: ...!cs.utexas.edu!rpp386!jfh
Ma Bell: (512) 255-8251 | GEnie PROHIBITED :-) | Domain: jfh@rpp386.cactus.org
"If liberals interpreted the 2nd Amendment the same way they interpret the
rest of the Constitution, gun ownership would be mandatory."