Xref: utzoo comp.unix.wizards:25684 alt.security:2580
Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!think.com!spool.mu.edu!uunet!hela!lokkur!scs
From: scs@lokkur.dexter.mi.us (Steve Simmons)
Newsgroups: comp.unix.wizards,alt.security
Subject: Re: BSD tty security, part 3: How to Fix It
Message-ID: <1991May17.222525.6108@lokkur.dexter.mi.us>
Date: 17 May 91 22:25:25 GMT
Article-I.D.: lokkur.1991May17.222525.6108
References: <19270@rpp386.cactus.org> <25833:May1416:43:4291@kramden.acf.nyu.edu> <19276@rpp386.cactus.org> <14021:May1521:56:2291@kramden.acf.nyu.edu>
Organization: Inland Sea
Lines: 17

brnstnd@kramden.acf.nyu.edu (Dan Bernstein) writes:

>In article <19276@rpp386.cactus.org> jfh@rpp386.cactus.org (John F Haugh II) writes:

>> What about a case
>> where my application looks just like "passwd", but is really just
>> a pipe or somesuch (like the "pty" command) from your keyboard to
>> the real passwd command.

>Who tf cares? A sane user will never invoke such a pipe. It's not
>passwd's responsibility to check that the user is sane.

There are one hell of a lot of insane users out there.  I've seen them
regularly for the past ten years.
-- 
 "FACT: less than 10% of the psychiatrists in the US are actually
  practicing cannibals."  Rod Johnson