Path: utzoo!utgpu!watmath!watdcsu!dmcanzi
From: dmcanzi@watdcsu.waterloo.edu (David Canzi)
Newsgroups: comp.unix.wizards
Subject: Re: TIOCSTI (was Terminals are ridiculously insecure)
Message-ID: <5481@watdcsu.waterloo.edu>
Date: 2 Feb 89 23:10:35 GMT
References: <18176@adm.BRL.MIL> <13369@ncoast.ORG>
Reply-To: dmcanzi@watdcsu.waterloo.edu (David Canzi)
Organization: U. of Waterloo, Ontario
Lines: 50

In article <13369@ncoast.ORG> allbery@ncoast.UUCP (Brandon S. Allbery) writes:
>| I agree that its very existence is a security *concern*, but I can see
>| a few uses for it. How many times have users asked the questions: "How
>| can a process change the {environment,working directory} of the parent?"
>| This might be a good thing to do occasionally; one use would be to avoid
>| the cortortions of eval'ing the output of tset.
>
>*gag* It's bad enough that tset has to vary its output based on my login
>shell.
>
>My idea of a (future) solution:  widen the exit code to an exit environment.
>This would NOT be identical to the environment that's passed in, but instead
>would allow a program to provide multiple exit values.  For compatibility,
>exit(n) would return an exit environment containing "EXITCODE=n" and nothing
>else. ...

*gag*

Observe the following excerpt from my .login file:

set noglob
eval `tset -Q -s -e'^H' -k'^X' -m 'dialup:?vc404' -m 'gandalf:?vc404' -m 'sytek:?vc404'`

Pretty contorted, no?  But most of the contortion is in the complicated
calling sequence of tset, combined with some oddities of the local
environment.  For some simpler command, the following would suffice:

set noglob
eval `foo`

This isn't particularly complicated.  The "eval" command and the use of
grave quotes are each individually simple features.  (The "noglob"
feature seems to be a bit of a wart in the design of the csh, but I
don't know how, or if, it could have been avoided.) The only reason I
can see why these might cause problems for some people is that these
simple features are effectively lost in the 80-kilobyte feature-packed
manual "page" for csh.  (Some people would rather use a tool than spend
the major part of their lives studying it.  Go figure.)

Adding a new feature, exit environments, to the system and adding
support for this feature to the shell only aggravates the underlying
cause of the problem it is meant to solve.

"The chief cause of problems is solutions."

-- 
David Canzi	Unix system design and maintenance philosophy, in a nutshell:
		for( ; problem_count > 0 ; problem_count-- ) {
			feature_count += 1; problem_count += 2;
		}