Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!utcsrgv!garfield!andrew
From: andrew@garfield.UUCP (Andrew Draskoy)
Newsgroups: net.unix-wizards
Subject: Re: TIOCDTR (bug | feature)
Message-ID: <433@garfield.UUCP>
Date: Sat, 2-Jul-83 01:31:55 EDT
Article-I.D.: garfield.433
Posted: Sat Jul  2 01:31:55 1983
Date-Received: Sat, 2-Jul-83 23:06:09 EDT
Lines: 9


    If you change write to be set-uid root, you must add in two things:
One is a setuid(geteuid()) before the exec for a shell escape.  almost
as important, but less obvious, is that you must scrutinize the optional
ttyname arguement to prevent things like

	write user ../etc/passwd

This would of course be disasterous...