Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!usc!sdd.hp.com!zaphod.mps.ohio-state.edu!julius.cs.uiuc.edu!psuvax1!rutgers!njin!princeton!phoenix!subbarao From: subbarao@phoenix.Princeton.EDU (Kartik Subbarao) Newsgroups: comp.unix.questions Subject: Re: Preventing Idle in telnet, security, and bg. Message-ID: <2907@idunno.Princeton.EDU> Date: 28 Sep 90 15:40:06 GMT References: Sender: news@idunno.Princeton.EDU Distribution: comp Lines: 84 In article davis@pacific.mps.ohio-state.edu (John E. Davis) writes: >Hi, > > I have a vt320 that I use all the time. When I logon to our system, I >start up a process in the background that sleeps for a minute, checks my >mailbox for newmail then just before going back to sleep, it sends the time >and number of mail messages to my vt320 status line. It has worked fine so >far with no problems. > > However, sometimes I forget to kill it before I logout. I was wondering >what is the best way to put it into the background so that when I logout, it >dies? I wrote the program in c, if this helps. There are a few ways for doing this -- one is to use sh (yuk), another is to get the program "hup" (for csh like shells). hup will simply kill the process upon logout. A third is to get the PID of the program and then just kill -9 PID in .logout. (There are many posted ways of killing daemons). > A friend of mine once told me that when he logged on, it started writing to >his terminal. Apparantly, I was once attached to that tty and left it >executing when I logged out. I really do not understand this particular >occurence at all. Perhaps some kind soul will tell me what happened. Well - that's simple enough. If you run a program, and then log out (in csh and the normal world) -- it can still run. If it had opened the tty to write to it, under most systems it still is allowed to write to the tty afterwards. I'm sure that Dan Bernstein will attest that his pty program can stop that from happening...anyway, if the process can write to the tty, then it can put whatever it wants on it. >On another subject, One person on our system has in his home directory an >executable file called 'ls'. Here it is: > >#! /bin/sh >/bin/ls -FC >echo `whoami` `hostname` `tty` `date` >> public/log >exit 0 > >What happens, is if someone steps into this directory and types 'ls' this >thing takes his picture. In principle, he could add a few more lines to copy >and delete mail, etc... Although this 'ls' is harmless, it is conceivable >that great damage could have been done. Is this considered a security problem? >I do not advocate snooping around the system, however if one is new as I am to >the unix world, then one can benifit by seeing what other people have. For >example, by looking in other .emacs files, I learned alot of things about >setting up the arrow keys for my terminal. Besides, isn't any file with world >read access considered to be in the public domain? But his directory could be mode 711, that is, you couldn't ls the directory but only ls specific files. You know, the sad thing about this is I actually HAD an ls script in my home directory that was a really really SAD attempt to do what you say. (Good thing I wisened up FAST). There are only TWO ways that the ls script would ever be executed: a) If the person is such a fool and has "." as the first element of their path (and/or doesn't alias his commands). Then obviously ANY command that has the same name in that directory would be executed b) If the person WANTED to see if a ./ls existed and specified that. either way, it's a really sad thing to do. If you have the right path, then there is no harm in snooping. Heck, about the only way TO learn is BY snooping around. I don't know how many countless .cshrc's, .login's, .mailrc's etc I've read when I was learning how to use UNIX. Have fun. -Kartik (I need a new .signature -- any suggestions?) subbarao@{phoenix or gauguin}.Princeton.EDU -|Internet kartik@silvertone.Princeton.EDU (NeXT mail) -| SUBBARAO@PUCC.BITNET - Bitnet