Aduke.1874 net.followup utcsrgv!utzoo!decvax!duke!bcw Fri Mar 12 02:31:01 1982 Re: On telling people not to crack security There is a method (in principle) for fixing the security bug permanently which would not require extreme caution on the part of the super user or on the part of people writing programs which might communicate between different users. I doubt that it could be applied to the current version of Unix efficiently, although sufficiently paranoid users might be able to implement it now at a significant cost in computer time. A while back there was a discussion about a terminal protocol handler which could be specified on a per-terminal basis and which would be able to run sort of between the terminal driver (very dumb in this scheme) and everything else (I think some version of Multics has something like this). It would be quite easy to have this handler check the sequences being sent to the terminal and edit out any offending sequences. Since it would be specified on a per-terminal basis, it could know which specific sequences were dangerous, and not have to worry about what some crazy terminal somewhere might be vulnerable to. Therefore, it would still be possible to use the display enhancement features of the terminal without fear of allowing a trap door. Comments? Bruce C. Wright @ Duke University ----------------------------------------------------------------- gopher://quux.org/ conversion by John Goerzen of http://communication.ucsd.edu/A-News/ This Usenet Oldnews Archive article may be copied and distributed freely, provided: 1. There is no money collected for the text(s) of the articles. 2. The following notice remains appended to each copy: The Usenet Oldnews Archive: Compilation Copyright (C) 1981, 1996 Bruce Jones, Henry Spencer, David Wiseman.