TIOCSTI (was Terminals are ridiculously insecure)

[Brandon S. Allbery]

As quoted from <18176 at adm.BRL.MIL> by rbj at nav.icst.nbs.gov (Root Boy Jim):
+---------------
| I agree that its very existence is a security *concern*, but I can see
| a few uses for it. How many times have users asked the questions: "How
| can a process change the {environment,working directory} of the parent?"
| This might be a good thing to do occasionally; one use would be to avoid
| the cortortions of eval'ing the output of tset.
+---------------

*gag* It's bad enough that tset has to vary its output based on my login
shell.

My idea of a (future) solution:  widen the exit code to an exit environment.
This would NOT be identical to the environment that's passed in, but instead
would allow a program to provide multiple exit values.  For compatibility,
exit(n) would return an exit environment containing "EXITCODE=n" and nothing
else.  A program could use setxenv() to stuff other values into the exit
environment, such as "TERM=footerm".  A new wait() call (waitenv()) would
take a pointer and buffer length as an argument and fill the area pointed to
with as much of the xenv as will fit.  I would *not* have shells
automatically place the xenv in the environment, I would probably add a
command "import" to /bin/k?sh and "getxenv" to csh to transfer variables
into internal (NOT environment) variables and let scripts handle it from
there.  (No, $foo-type ings would NOT work.  $ is overloaded enough already,
especially in csh where it has to refer to either of two completely
different namespaces.)

++Brandon
-- 
Brandon S. Allbery, moderator of comp.sources.misc	     allbery at ncoast.org
uunet!hal.cwru.edu!ncoast!allbery		    ncoast!allbery at hal.cwru.edu
      Send comp.sources.misc submissions to comp-sources-misc@<backbone>
NCoast Public Access UN*X - (216) 781-6201, 300/1200/2400 baud, login: makeuser