Xref: utzoo comp.unix.wizards:25198 alt.security:2337
Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!ub!lyda
From: lyda@acsu.buffalo.edu (kevin lyda)
Newsgroups: comp.unix.wizards,alt.security
Subject: Re: BSD tty security, part 3: How to Fix It
Message-ID: <73525@eerie.acsu.Buffalo.EDU>
Date: 28 Apr 91 18:56:10 GMT
References: <7299:Apr2510:22:2091@kramden.acf.nyu.edu> <12535@dog.ee.lbl.gov> <15896:Apr2714:35:3991@kramden.acf.nyu.edu>
Sender: news@acsu.Buffalo.EDU
Followup-To: comp.unix.wizards
Organization: State University of New York at Buffalo/Comp Sci
Lines: 53
Nntp-Posting-Host: sybil.cs.buffalo.edu

i'm not a wizard... the reason i'm responding to this is because i got a
rather annoying message from a friend (he was bored at the time) while i
was trying to show a user how to do something (i'm a student consultant).
he did a cat file | write lyda and the file was ~26 lines long.... just
enough so that i couldn't see who'd done it. now, from that perspective....

In article <15896:Apr2714:35:3991@kramden.acf.nyu.edu> brnstnd@kramden.acf.nyu.edu (Dan Bernstein) writes:
>1. Do people think it's a problem that lines from ``write'' are not
>identified? If nothing else, I like the ability to carry on two or three
>write conversations at once without getting totally confused. If others
>don't like this, though, then I'll stop pushing for it.

personally, i like unix because of it's flexibility. i think it should be
up to the recipient of the write message whether or not they see the
username of the sender.

>2. Do people think it's a problem that someone can start a ``write'',
>then just type EOF or EOT to simulate ending it, then continue typing
>without identification? While most experienced users will guess exactly
>what's going on, novice users are really up the creek.

yeah... write dufus
EOF
^Z
and then scroll his screen from time to time... :) that gets real dry when
you're already pissed at a bug in your project that's due in 10 mins.

>Does anyone agree
>with Jef that it's ``disgusting'' to see

well.... it looks like vms.... :)

>3. Do people think it's a problem that ``write'' can flood a terminal
>with output before the recipient has a chance to react? My version
>limits output to 500 characters per line and one line a second. Does
>anyone think that this affects legitimate uses of ``write''? If not, is
>there any harm in adding the protection against accidents and abuse?

again... i'm in favor of flexibility. i do think that that is too
restricive, and just because you or i or anyone else doesn't think that
there's a use for it, doesn't mean there isn't one. (like, there was this
really useless adhesive floating about 3m for awhile... it didn't seem to
stick very well.... now those annoying post-it notes are everywhere...)

i think a good solution, though harder, would be a .writerc file. get rid
of the .canwrite file and replace it with a file that tells write what it's
allowed to do to *my* tty. if i want the user identified on each line, let
me say that. if i want the writes logged to a file, let me say that. etc...
it just seems to me that i can specify how my editor and more and talk
output to my screen.... why can't i do the same for write?

kevin