Path: utzoo!attcan!utgpu!watmath!att!dptg!rutgers!iuvax!purdue!haven!grebyn!escom!al From: al@escom.com (Al Donaldson) Newsgroups: comp.unix.questions Subject: Re: .plan Message-ID: <474@escom.com> Date: 30 Aug 89 16:07:12 GMT References: <2620@trantor.harris-atd.com>, <1966@crdgw1.crd.ge.com> Organization: ESCOM Corp., Oakton, VA Lines: 31 In article <2620@trantor.harris-atd.com>, BA Badger points out that a (programmable) terminal is vulnerable to any raw string that can be sent to the terminal. For example, a couple of years ago one of my co-workers read the manual for his terminal (a Freedom 100, I think) and found that if you echoed a magic escape sequence to the terminal followed by some command string, the terminal would automatically send the command string back on the line just as if the user sitting at the terminal had typed it in. I don't remember the exact terminal or magic sequence, but I do remember that it opened my eyes to a whole set of risks that I hadn't imagined before. I think this is the same general problem that Doug Gwyn was talking about <10847@smoke.BRL.MIL> when he answered a question about remotely simulating the pressing of a function key. But in this case no function keys were used. The only solution I know to this problem, short of using terminals that don't have such awful holes (unfortunately, the terminal designer and most users probably see this as a "feature" instead of a hole) is to disable messages from other users to your terminal (e.g., "mesg n"). However, I am a little confused by the discussion about ANSWERBACK sequences by BA Badger (above reference) and Bruce Barnett <1966@crdgw1.crd.ge.com>. As I remember, answerback sequences were used years ago in multidrop line protocols to determine if a terminal was online and ready to receive before sending a message. Surely answerback is not used by UNIX for this purpose, so is the point that a nastygram can be stored in my terminal, triggered remotely by echo'ing a ctrl-E to my terminal, with the nastygram getting passed straight to my shell? I apologize if this is obvious to others, but I just want to be sure I understand the risk. Thanks, Al Donaldson