Re: setting standard fds to console in translator libs

[Thomas Bushnell, BSG]

nisse@lysator.liu.se (Niels Möller) writes:

> Not even a write-only one? I'm not sure I see the security problem. On
> debian /dev/console is writable for everybody (although that might not
> include the not logged in user on HURD). On Solaris, it seems to be
> writable by the group tty. That's all systems I'm logged on to at the
> moment.

Well, if you have access to the console, you can potentially tweak
that terminal in various ways (like TIOCSTI).  We certainly don't want
that.  

> Or to express things in a different way: If I run a system, I would
> probably want to get the stderr output from all translators to go
> somewhere. 

Eek!  So basically you are happy with all the users on a multi-user
system storing their email in the syslog logs?  Because--trust
me--that's what inevitably happens. :)

You're thinking of translators as things the sysadmin sets up.  Only
some of them are that.

But, we don't *have* a good solution to where passive translators send
their error messages.  I have no objection to saying that they should
try to send messages to syslog.  Changing libraries so that happens is
a decent thing to do.

I'm just against forcing them onto /dev/console.