Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Posting-Version: version B 2.10.1 6/24/83; site muddcs.UUCP Path: utzoo!linus!decvax!ittvax!dcdwest!sdcsvax!sdcrdcf!trwrb!scgvaxd!muddcs!brian From: brian@muddcs.UUCP Newsgroups: net.bugs,net.bugs.4bsd Subject: Re: stty bug + effects Message-ID: <180@muddcs.UUCP> Date: Wed, 15-Aug-84 16:25:56 EDT Article-I.D.: muddcs.180 Posted: Wed Aug 15 16:25:56 1984 Date-Received: Tue, 21-Aug-84 05:11:48 EDT References: <571@bnl.UUCP> Organization: Harvey Mudd College, Claremont, CA Lines: 39 > Forgive me if this is already understood, but being able to read the >terminal settings of another's terminal also means that you can set some >of those definitions for them - including the famous 'stty 0' - and force >another's terminal to do funny things to them.... > Does anybody know of any way to protect themselves against this other >than the 'mesg n' which disallows ANY writing to your device? > >(piggott@bnl for replies + comments) Actually, you can do far worse than that to someone else's terminal. Under 4.2bsd at least, you can send a command line to someone else's terminal and have it executed as it that person typed it themselves. (Using a short 'C' program to do a ioctl TIOCSTI call). Also, people can send out control strings to terminals to put them into funny modes (on dec vt100's and vt200's you can put someone in inverse video, etc.) We saw this as a security problem so I elected to do the following fix. login, talk, write, and mesg were all changed so that a terminal is *ALWAYS* protected so that only it's owner has rw protections. Write now runs setuid to root (the shell escape doesn't have root privleges, I thought of that), the talkd already ran setuid; thus these programs can still access the other users terminal. I use the world "x" protection bit as a flag for whether or not a user doesn't want to be bothered. Talk and write use that as their criteria, and mesg now changes that bit rather than the actual terminal rw protections. This prevents other users from writing directly to terminals, they must use talk or write if they want to bother someone. We've been running it a couple of weeks now with no problems. I don't see any security holes in it, let me know if anyone out there sees any. If you don't want to waste the time looking for where to make all of these changes (and I wouldn't if I were you), send me mail and I'll send you the diff's on the files I changed. Oh, I also changed finger to accurately say whether or not a user had messages off under the new criteria. If I get enough requests for this, I'll post the diffs to the net. -brian -- Brian Zill 621-8000 x3497 Harvey Mudd College {ihnp4,allegra,seismo}!scgvaxd!muddcs!brian