Xref: utzoo comp.unix.wizards:25190 alt.security:2331 Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!swrinde!emory!att!linac!mp.cs.niu.edu!rickert From: rickert@mp.cs.niu.edu (Neil Rickert) Newsgroups: comp.unix.wizards,alt.security Subject: Re: BSD tty security, part 3: How to Fix It Message-ID: <1991Apr27.182235.18830@mp.cs.niu.edu> Date: 27 Apr 91 18:22:35 GMT References: <7299: Apr2510:22:2091@kramden.acf.nyu.edu> <12535@dog.ee.lbl.gov> <15896:Apr2714:35:3991@kramden.acf.nyu.edu> Organization: Northern Illinois University Lines: 25 In article <15896:Apr2714:35:3991@kramden.acf.nyu.edu> brnstnd@kramden.acf.nyu.edu (Dan Bernstein) writes: >Well, I'm glad you agree with two of them, but I'd like to ask the net's >opinion on the other two. Let me split this into three questions: I, for one, like your changes. Until they are in place I will continue my practice of putting 'mesg n' in my .login file >3. Do people think it's a problem that ``write'' can flood a terminal >with output before the recipient has a chance to react? My version >limits output to 500 characters per line and one line a second. Does >anyone think that this affects legitimate uses of ``write''? If not, is >there any harm in adding the protection against accidents and abuse? We had one user here who wrote a daemon to do this to every new person who logged on. I was sure glad I had 'mesg n' in my .login . Even so I had to wait a while for the end of his buffer before I could get in and kill his daemon and suspend his account. (Just as well he was a novice user, or he could have made things more difficult.) -- =*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*= Neil W. Rickert, Computer Science Northern Illinois Univ. DeKalb, IL 60115 +1-815-753-6940