Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!tut.cis.ohio-state.edu!ucbvax!mtxinu!sybase!jive!robert
From: robert@jive.sybase.com (Robert Garvey)
Newsgroups: comp.unix.questions
Subject: Re: .plan
Summary: answerback can be used for ``nastygram''
Keywords: terminals, answerback
Message-ID: <5836@sybase.sybase.com>
Date: 31 Aug 89 14:58:50 GMT
References: <2620@trantor.harris-atd.com> <1966@crdgw1.crd.ge.com> <474@escom.com>
Sender: news@sybase.sybase.com
Reply-To: robert@jive.UUCP (Robert Garvey)
Organization: Sybase, Inc.
Lines: 15

In article <474@escom.com> al@escom.com (Al Donaldson) writes:
>so is the point that a nastygram can be stored in my terminal, triggered 
>remotely by echo'ing a ctrl-E to my terminal, with the nastygram getting 
>passed straight to my shell?   I apologize if this is obvious to others, 
>but I just want to be sure I understand the risk.

Yes, that is the risk.  Some terminals allow answerback messages to be
programmed with an escape sequence.  A malicious user could send mail
that includes that escape sequence with an answerback message to be
interpreted by mail and then your shell.  Following that sequence would
be a ctrl-E.

Robert Garvey                                  Sybase, Inc
robert@sybase.com                              6475 Christie Ave
{sun,lll-tis,pyramid,pacbell}!sybase!robert    Emeryville, CA 94608