[net.unix] stty bug + effects

piggott@bnl.UUCP (Christopher Piggott) (08/24/84)

[Hey Bug!!!  You got relatives???]

Here is the way that I keep myself protected from the "stty 0 > /dev/ttyxx"'s
of this world....

First, an automatic "mesg n" in my .profile.  If somebody wants to page me
for "talk", "write", or whatever, then tough.  They'll send it through
MAIL first if it's important enough.

Second, if I wish to 'talk' with someone, I don't just use regular 'talk'
or 'write'.  I use this simple shell script, named "xtalk", in my directory.

(sleep 20;mesg n;echo -n "*")&
mesg y
talk $1

And that takes care of things....

Now for a question....Is there any way I can read the response (someone writing
to my terminal) from the SHell, without using the wait-loop type delay?

						Christopher Piggott
(Piggott@BNL)

ron@wjvax.UUCP (Ron Christian) (08/28/84)

()

***
>From: piggott@bnl.UUCP (Christopher Piggott):

>Here is the way that I keep myself protected from the "stty 0 > /dev/ttyxx"'s
>of this world....

>First, an automatic "mesg n" in my .profile.  If somebody wants to page me
>for "talk", "write", or whatever, then tough.  They'll send it through
>MAIL first if it's important enough.

*******
Well, this seems paranoid to me.  As well as having an important hole if
you use a VT100.  That is, a competent Terminal Warrior can get around
a 'mesg n' with a little fiddling.  Mail, also, is not really a valid
replacement for talk or write unless you have 'biff' set, which is leaving
yourself open again.  I wonder if you miss phone calls if you're on a remote
terminal.
*******

>Second, if I wish to 'talk' with someone, I don't just use regular 'talk'
>or 'write'.  I use this simple shell script, named "xtalk", in my directory.

>(sleep 20;mesg n;echo -n "*")&
>mesg y
>talk $1

>And that takes care of things....

***
Unless the person you want to talk to also has 'mesg n' set.  What
do you do then?  The basic premise seems to be that you are the only
one that needs protection, not your co-workers.

Awhile ago, when terminal wars hits were flying hither and yon, 
everyone had 'mesg n' in his/her .login.  As I mentioned, there
are ways to circumnavigate this with preparation.  So the only
effect was that no one could contact any one else for legitimate
means.  Foolish.  We tried some things, like a 'talk' that auto-
matically hammered open the person's tty, but someone thought
this might 'leave him open' so ran a script in the background
that checked message bit and took appropriate action...

Did you know that you can send those funny escape sequences through
4.1 'talk' if you type them in verbatim?

There was also a race by a couple of people to acquire the su
password (password stealing programs, or careful attention
to unattended terminals) in order to break through someone
else's protection.  Real damage was done in the process.

Anyway, the load average was climbing, and things were rapidly
getting out of hand, so a message was handed down from above:
"Cut this f***** crap out or lose your password."

And THAT is the ONLY way you are going to stop this stuff.  For
every protection scheme there are a dozen ways to crack it.  And
individual protection schemes only provide a challenge to folks
who go in for this sort of thing.
-- 

	"Trivia is important."		Ron Christian
					Watkins-Johnson Co.
					San Jose, Calif.
					(...ios!wjvax!ron)

barmar@mit-eddie.UUCP (Barry Margolin) (08/29/84)

There are a number of ways to allow users to send messages to each other
WITHOUT requiring that everyone have write access to /dev/tty*.  One
that comes to my mind is to make write(1) and friends be setgid to
"write" and "chgrp write /dev/tty*".  This also permits us to prevent
the security hole that "write" currently provides with programmable
terminals, since write(1) could be taught to censor escape sequences.
-- 
    Barry Margolin
    ARPA: barmar@MIT-Multics
    UUCP: ..!genrad!mit-eddie!barmar

woods@hao.UUCP (Greg "Bucket" Woods) (08/30/84)

  Better yet, write(1) could send control characters the same way the tty
driver echoes them back, i.e. instead of sending the literal character
\032 for ESC (or whatever the damn code is), it could send "^[". Similarly
for other control characters. This wouldn't even need any hacking of the
/dev/tty stuff.

--Greg
-- 
{ucbvax!hplabs | allegra!nbires | decvax!stcvax | harpo!seismo | ihnp4!stcvax}
       		        !hao!woods
   
     "... the heat come 'round and busted me for smiling on a cloudy day..."
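
[Added example, not part of the original thread and not code from any write(1) implementation: a C filter of the kind proposed in the two posts above, which rewrites control characters in caret notation before a message is copied to another user's terminal. The name sanitize_for_tty, the choice to pass newline and tab through, the "M-" handling of 8-bit bytes, and the sample message are assumptions made for this illustration.]

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Rewrite a message so it is safe to display on another user's terminal.
 * Newline and tab pass through (an assumption of this sketch); any other
 * control byte is written in caret notation, so ESC (0x1B) becomes "^["
 * and DEL becomes "^?".  Bytes with the high bit set get an "M-" prefix,
 * as cat -v does, so 8-bit control codes cannot reach the terminal.
 * Returns the bytes stored in out (excluding the NUL), or (size_t)-1 if
 * out is too small. */
size_t sanitize_for_tty(const unsigned char *in, size_t len,
                        char *out, size_t outsz)
{
    size_t o = 0;
    if (outsz == 0)
        return (size_t)-1;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = in[i];
        int meta = c >= 0x80;
        char buf[4];                     /* worst case is "M-^X" */
        size_t n = 0;
        if (meta) {                      /* mark and strip the high bit */
            buf[n++] = 'M'; buf[n++] = '-';
            c &= 0x7F;
        }
        if ((c < 0x20 || c == 0x7F) && (meta || (c != '\n' && c != '\t'))) {
            buf[n++] = '^';
            buf[n++] = (char)(c ^ 0x40); /* 0x1B -> '[', 0x7F -> '?' */
        } else {
            buf[n++] = (char)c;
        }
        if (o + n >= outsz)              /* keep room for the NUL */
            return (size_t)-1;
        memcpy(out + o, buf, n);
        o += n;
    }
    out[o] = '\0';
    return o;
}

int main(void)
{
    /* Constructed sample: text wrapped around a clear-screen sequence. */
    static const unsigned char msg[] = "lunch?\033[2J\033[H see you at noon\n";
    char safe[4 * sizeof msg];
    if (sanitize_for_tty(msg, sizeof msg - 1, safe, sizeof safe) != (size_t)-1)
        fputs(safe, stdout);             /* escapes arrive as visible "^[" */
    return 0;
}
```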

dhb@rayssd.UUCP (09/04/84)

For those of you who are really concerned about security, there
is another hole in the systems related to sending escape and
control characters to someone's terminal.  Since I haven't seen
anything about it in this discussion, I won't mention it by name
but any interested system administrators can send me a mail
message and I will send back a description of the hole, how it
works, and the fix.  (please send the mail as root so that I
know you are legit.)
-- 
	Dave Brierley
	Raytheon Co.; Portsmouth RI; (401)-847-8000 x4073
	...!decvax!brunix!rayssd!dhb
	...!allegra!rayssd!dhb
	...!linus!rayssd!dhb