Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.1 6/24/83; site sdccsu3.UUCP
Path: utzoo!watmath!clyde!burl!ulysses!mhuxl!ihnp4!zehntel!hplabs!sdcrdcf!sdcsvax!sdccsu3!muller
From: muller@sdccsu3.UUCP (Keith Muller)
Newsgroups: net.bugs,net.bugs.4bsd
Subject: Re: stty bug + effects
Message-ID: <2180@sdccsu3.UUCP>
Date: Wed, 15-Aug-84 14:08:46 EDT
Article-I.D.: sdccsu3.2180
Posted: Wed Aug 15 14:08:46 1984
Date-Received: Sat, 18-Aug-84 02:20:47 EDT
References: <571@bnl.UUCP>
Organization: U.C. San Diego, Computer Center
Lines: 20

You can easily protect users from stty 0 and other nasties (like people sending
the output of worms to each other) by using group access control on the users
tty port. 
1) Create a group called something like "term" that no users in it.
2) Change login to set the mode of the tty to have GROUP write access and turn
   off OTHER access. Also have login set the group of the tty (while login is
   still running as root) to the group "term". (Make sure that login does not
   end up running in group "term" as that would defeat the fix).
3) Change mesg to turn on and off the GROUP write permission leaving OTHER
   permission off.
4) Change programs like finger, write, talkd, ... to understand that GROUP
   write permission means you can write to the user (instead of other).
5) Change write to be setgid to "term" (talk is already setuid root so does
   not have to be changed as talkd determines who can be written to).

This has stopped abuse (we have a large student population on 9 unix machines)
completely.

	Keith Muller
	UCSD Computer Center