nic(a)niss.ac.uk wrote on 19-April-2000:
->My brain hurts just reading this (well the Unix98 pty bit anyway).
->
->I thought I'd forward first and check later, since many of you will be
->able to verify any of these problems quicker than I can.
1. Improper permissions on slave PTYs
Err, we don't support Unix98 ptys as far as I can tell, is that correct?
2. Unsafe creation of temporary files
Stating-the-obvious. If FSF Emacs 21 has make-temp-file we could steal
it. We do support the TMPDIR variable, though. cf. temp-directory.
3. Passwords are stored in the key history
Oh please. If someone has physical access to your machine, it's game
over anyway. If I've left Netscape running they can order millions of
books too.
There is at least one well known security expert on this list. Perhaps
they (or anyone else) would like to comment on what, if anything we
should patch.
nic
--
Dr N.J.Doye, Systems Programmer, NISS, PO Box 2674, Bath. BA2 7XY