Adopey.136
net.unix-wizards
utzoo!decvax!duke!unc!dopey.smb
Fri Mar  5 10:52:33 1982
Re: Great gaping security hole
To the best of my knowledge, that glitch was first described by
duke!trt and duke!jte in their paper on writing setuid programs
(it's an example of why *no* files should be generally writable).

The reason it's so serious is that it's generally applicable -- almost
any site with sophisticated terminals is vulnerable.  (Ironically, IBM
machines are among the *least* vulnerable; they use 3270 terminals,
where the transmit screen command is out of band, at least for locally-
attached ones.)  I would add one or two frills on the basic idea, but
I probably shouldn't; they help avoid detection.....