Description of Problem: When logging as normal user on the console, pam does not chown /dev/vcs* and /dev/vcsa* devices corresponding to tty the user logged at. As /usr/lib/mc/bin/cons.saver is no longer suid root, this means that subshell support is totally broken for normal console users.
Login handles ownership of your tty -- it should handle the vcs device as well. Checking the package shows that if built with ALLOW_VCS_USE, code to do this is compiled in. This setting was disabled in a patch, though.
Oh, I see. revoke(2) desperately needed. Anyway, in that case I think we should analyze mc cons.saver proglet and if it is secure, chmod +s /usr/lib/mc/bin/cons.saver until revoke(2) is supported.
Security audit of cons.saver is outside my skillset, and also low on my priority list. It would be nice though if we could get a patch.