Messages to the console
Jesse R. Buckley Jr.
sct60a.sunyct.edu!buck at sct60a.sunyct.edu
Thu Nov 29 14:14:41 AEST 1990
On Nov 27, 16:10, David Elliott wrote:
} [EDITED]
} Even assuming that Venkat has root priveleges, changing just any old
} program to be setuid can have serious consequences. I recently found
} that a program that had been changed to setuid root for using the
} SVR4 real-time scheduler didn't deal with file access correctly, and
} could be used by anyone to overwrite any file in the system.
}
} In this case, I believe it's better to use some connection to syslog
} (either the syslog subroutine or the logger program), since that will
} allow for configuration of the messages. Programs (including parts
} of the kernel) should avoid writing directly to the console.
}-- End of excerpt from David Elliott
OK OK, you got me! I hadn't thought of that, and I should have said
something about security. I did assume (I know.) that it was a isolated
program though.
--
-Buck ! User n.: A programmer who will believe
(buck at sct60a.sunyct.edu) ! anything you tell him.
More information about the Comp.unix.questions
mailing list