Aduke.1874
net.followup
utcsrgv!utzoo!decvax!duke!bcw
Fri Mar 12 02:31:01 1982
Re: On telling people not to crack security
There is a method (in principle) for fixing the security bug
permanently which would not require extreme caution on the part
of the super user or on the part of people writing programs which
might communicate between different users. I doubt that it could
be applied to the current version of Unix efficiently, although
sufficiently paranoid users might be able to implement it now at
a significant cost in computer time.
A while back there was a discussion about a terminal protocol
handler which could be specified on a per-terminal basis and which
would be able to run sort of between the terminal driver (very dumb
in this scheme) and everything else (I think some version of Multics
has something like this). It would be quite easy to have this handler
check the sequences being sent to the terminal and edit out any
offending sequences. Since it would be specified on a per-terminal
basis, it could know which specific sequences were dangerous, and
not have to worry about what some crazy terminal somewhere might be
vulnerable to. Therefore, it would still be possible to use the
display enhancement features of the terminal without fear of allowing
a trap door.
Comments?
Bruce C. Wright @ Duke University
-----------------------------------------------------------------
gopher://quux.org/ conversion by John Goerzen <
[email protected]>
of
http://communication.ucsd.edu/A-News/
This Usenet Oldnews Archive
article may be copied and distributed freely, provided:
1. There is no money collected for the text(s) of the articles.
2. The following notice remains appended to each copy:
The Usenet Oldnews Archive: Compilation Copyright (C) 1981, 1996
Bruce Jones, Henry Spencer, David Wiseman.
