Jim Meyering <[EMAIL PROTECTED]> writes:

> It sounds like you're explaining why it was important to use O_NOCTTY
> on ancient systems. Do you really think it is important now?

I don't think it's _important_, no; it's a minor issue. The scenarios that I'm thinking of are fairly unlikely and don't provide that much benefit to the attacker. For example, suppose someone has physical access to a serial port that is otherwise unused, and plants a symlink-to-it in /tmp where an unwary long-running root process can pick it up. That sort of thing. I suppose on some hosts it could be done even without hardware access, by using pseudottys. (Not that I'm inclined to try this!)

> Otherwise, this (omitting O_NOCTTY) would constitute a significant
> security risk and it would have been well documented.

I tend to agree about "significant security risk". Internal vandals are not that big a deal these days, on most hosts. However, I suspect that the vandalism is possible, at least on System Vish hosts. (It's not possible on GNU/Linux thank goodness.)

_______________________________________________
Bug-coreutils mailing list
Bug-coreutils@gnu.org
http://lists.gnu.org/mailman/listinfo/bug-coreutils
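The scenario discussed in the message above (a symlink planted in /tmp that resolves to a terminal device and is opened by a long-running root process), shown from the defending side as an added example that is not part of the original post or of coreutils. The names `open_regular_noctty` and `demo` are hypothetical, `/dev/null` stands in for the serial port, and the regular-files-only policy is an assumption of this example.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper for a daemon with no controlling terminal: open PATH
   read-only, regular files only. Returns an fd, or -1 with errno set. */
int open_regular_noctty(const char *path)
{
    /* O_NOCTTY: a terminal reached through PATH must not become our controlling
       terminal. O_NONBLOCK: do not hang in open() waiting for carrier. */
    int fd = open(path, O_RDONLY | O_NOCTTY | O_NONBLOCK);
    struct stat st;
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);          /* assumed policy: refuse devices, FIFOs, dirs */
        errno = ENOTSUP;
        return -1;
    }
    return fd;
}

/* Constructed scenario: a symlink in /tmp that points at a character device.
   Returns 1 if it is refused while an ordinary file is accepted, -1 on setup failure. */
int demo(void)
{
    char file[] = "/tmp/nocttyXXXXXX", planted[32];
    int fd = mkstemp(file);
    snprintf(planted, sizeof planted, "%s.lnk", file);
    if (fd < 0 || symlink("/dev/null", planted) != 0)
        return -1;
    close(fd);
    int ok_fd = open_regular_noctty(file);
    int bad_fd = open_regular_noctty(planted);
    if (ok_fd >= 0)
        close(ok_fd);
    unlink(planted);
    unlink(file);
    return ok_fd >= 0 && bad_fd == -1;
}

int main(void)
{
    return demo() == 1 ? 0 : 1;
}
```

The `fstat` check runs on the already-open descriptor, so it inspects the object that was actually opened rather than whatever the path names a moment later.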