andrew@garfield.UUCP (Andrew Draskoy) (07/02/83)
If you change write to be set-uid root, you must add in two things: One is a setuid(geteuid()) before the exec for a shell escape. almost as important, but less obvious, is that you must scrutinize the optional ttyname arguement to prevent things like write user ../etc/passwd This would of course be disasterous...