Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!csd4.csd.uwm.edu!bionet!apple!bloom-beacon!wonko!mit-eddie!mit-amt!mit-caf!vlcek
From: vlcek@mit-caf.MIT.EDU (Jim Vlcek)
Newsgroups: comp.unix.questions
Subject: Terminal hacking
Message-ID: <3063@mit-caf.MIT.EDU>
Date: 28 Aug 89 17:01:33 GMT
References: <61@towernet.UUCP> <1989Aug23.192105.21328@ee.rochester.edu> <10814@smoke.BRL.MIL> <1810@cunixc.cc.columbia.edu> <10849@smoke.BRL.MIL>
Reply-To: vlcek@mit-caf.UUCP (Jim Vlcek)
Organization: Microsystems Technology Laboratories, MIT
Lines: 29

People talking about ways of reprogramming someone else's terminal
function keys:

``/tmp/PLEASE-README, and wait for someone with the right terminal (and
  capabilities) to cat it.  And that isn't a security hole in cat...''

``Anyone who uses "cat" to display unknown file contents on his fancy
  terminal deserves whatever he gets.  However, in the case of
  "finger", there is no alternate method available (assuming remote
  system use).  Therefore "finger" ought to better support its
  intended use.''

A friend of mine here at MIT was able to reprogram our terminal's
setup configs by including escape sequences in the ``subject'' field
of email messages.  He limited his merriment to changing the name that
the terminal displayed on its topmost line, but he could have done
much worse.

There's got to be a million such holes in each and every flavor of
Unix one might work under.  Closing known ones, like ``finger,'' is
certainly a good idea, but the best idea would be to redesign
terminals to greatly restrict attempts to reconfigure them over their
serial link.

In a previous message, Doug Gwyn mentioned that some terminals allow
certain escape sequences to trigger actual input from the terminal.
Good God in Heaven!  What on Earth would you want to do that for?!

Jim Vlcek (vlcek@caf.mit.edu  uunet!mit-caf!vlcek)