Great gaping security hole

utzoo!decvax!duke!unc!dopey.smb
Fri Mar 5 10:52:33 AEST 1982


To the best of my knowledge, that glitch was first described by
duke!trt and duke!jte in their paper on writing setuid programs
(it's an example of why *no* files should be generally writable).

The reason it's so serious is that it's generally applicable -- almost
any site with sophisticated terminals is vulnerable.  (Ironically, IBM
machines are among the *least* vulnerable; they use 3270 terminals,
where the transmit screen command is out of band, at least for locally-
attached ones.)  I would add one or two frills on the basic idea, but
I probably shouldn't; they help avoid detection.....



More information about the Comp.unix.wizards mailing list