Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Posting-Version: version B 2.10.1 6/24/83; site inuxc.UUCP Path: utzoo!watmath!clyde!burl!ulysses!mhuxl!ihnp4!inuxc!mcferrin From: mcferrin@inuxc.UUCP (P McFerrin) Newsgroups: net.bugs,net.bugs.4bsd Subject: Re: stty bug + effects Message-ID: <1016@inuxc.UUCP> Date: Wed, 15-Aug-84 16:16:44 EDT Article-I.D.: inuxc.1016 Posted: Wed Aug 15 16:16:44 1984 Date-Received: Thu, 16-Aug-84 03:33:03 EDT References: <571@bnl.UUCP> Organization: AT&T Consumer Products Div., Indianapolis Lines: 35 >From ihnp4!mgnetp!burl!clyde!watmath!utzoo!linus!philabs!sbcs!bnl!piggott Sun Aug 12 17:59:18 1984 >From: piggott@bnl.UUCP (Christopher Piggott) >Newsgroups: net.bugs,net.bugs.4bsd >Subject: stty bug + effects >Article-I.D.: bnl.571 >Posted: Sun Aug 12 17:59:18 1984 > > Forgive me if this is already understood, but being able to read the >terminal settings of another's terminal also means that you can set some >of those definitions for them - including the famous 'stty 0' - and force >another's terminal to do funny things to them.... > Does anybody know of any way to protect themselves against this other >than the 'mesg n' which disallows ANY writing to your device? > >(piggott@bnl for replies + comments) > > I wasn't going to be the first one to let the 'cat' out of the bag!! But now the rest of the world knows how to hang up another person, I would expect that more people are going to disallow writes to their terminal. By allowing write permissions to your tty device, one can definitely hang you up or do screwy things to your terminal (e.g. no echo or raw). I know of no other way to protect youself other than removing write permissions by others. If you use group ids on your system, you can permit writes by other persons in your group by assuming that your group members are friendly co-workers. Allowing write permissions to your terminal can be dangerous if your terminal is capable of block-mode transmissions that can be initiated from the host. A possible solution would to to rework the write(1) command that would use some other harmless bit in the mode of the tty device. There is however an impact on other commands (e.g. nroff).