Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Posting-Version: version B 2.10.1 6/24/83; site sdccsu3.UUCP Path: utzoo!watmath!clyde!burl!ulysses!mhuxl!ihnp4!zehntel!hplabs!sdcrdcf!sdcsvax!sdccsu3!muller From: muller@sdccsu3.UUCP (Keith Muller) Newsgroups: net.bugs,net.bugs.4bsd Subject: Re: stty bug + effects Message-ID: <2180@sdccsu3.UUCP> Date: Wed, 15-Aug-84 14:08:46 EDT Article-I.D.: sdccsu3.2180 Posted: Wed Aug 15 14:08:46 1984 Date-Received: Sat, 18-Aug-84 02:20:47 EDT References: <571@bnl.UUCP> Organization: U.C. San Diego, Computer Center Lines: 20 You can easily protect users from stty 0 and other nasties (like people sending the output of worms to each other) by using group access control on the users tty port. 1) Create a group called something like "term" that no users in it. 2) Change login to set the mode of the tty to have GROUP write access and turn off OTHER access. Also have login set the group of the tty (while login is still running as root) to the group "term". (Make sure that login does not end up running in group "term" as that would defeat the fix). 3) Change mesg to turn on and off the GROUP write permission leaving OTHER permission off. 4) Change programs like finger, write, talkd, ... to understand that GROUP write permission means you can write to the user (instead of other). 5) Change write to be setgid to "term" (talk is already setuid root so does not have to be changed as talkd determines who can be written to). This has stopped abuse (we have a large student population on 9 unix machines) completely. Keith Muller UCSD Computer Center