Xref: utzoo comp.unix.wizards:25200 alt.security:2339 Path: utzoo!utgpu!cs.utexas.edu!uunet!mcsun!ukc!warwick!cudcv From: cudcv@warwick.ac.uk (Rob McMahon) Newsgroups: comp.unix.wizards,alt.security Subject: Re: BSD tty security, part 3: How to Fix It Message-ID: <*WC_6A$@warwick.ac.uk> Date: 28 Apr 91 19:26:06 GMT References: <7299:Apr2510:22:2091@kramden.acf.nyu.edu> <12535@dog.ee.lbl.gov> <15896:Apr2714:35:3991@kramden.acf.nyu.edu> Sender: news@warwick.ac.uk (Network news) Organization: Computing Services, Warwick University, UK Lines: 52 Nntp-Posting-Host: shark In article <15896:Apr2714:35:3991@kramden.acf.nyu.edu> brnstnd@kramden.acf.nyu.edu (Dan Bernstein) writes: >1. Do people think it's a problem that lines from ``write'' are not >identified? If nothing else, I like the ability to carry on two or three >write conversations at once without getting totally confused. I think it's a problem if the formatting is different on both ends. I tend to press RETURN when I'm getting near the end of a line, and it's messy if this gets broken up at the other end. I often type code, or cut&paste text or code into the write session, and it's a pain if this gets broken, or they can't themselves cut&paste it into an editor without having to strip out the junk. I've never seriously held more than one write session at a time in a single window, but not because the messages get mixed up, but rather because of all that switching between write commands. I have no trouble keeping two windows active. >2. Do people think it's a problem that someone can start a ``write'', then >just type EOF or EOT to simulate ending it, then continue typing without >identification? I think it's more important to keep the formatting intact, and the longer message is of no use without the identifying `user: ' at the beginning of typed lines (because I can obviously just type `End of message from ...' instead of EOF). Maybe I've just been lucky, but I've never been attacked with this one. If `mesg n' worked after the event I don't think it's a problem. >3. Do people think it's a problem that ``write'' can flood a terminal with >output before the recipient has a chance to react? My version limits output >to 500 characters per line and one line a second. Does anyone think that >this affects legitimate uses of ``write''? This idea seems to have more merit. I have seen people doing `worms | write' or `write < /usr/dict/words'. Against that, I often send people a quick message of a few lines using write user << 'eof' ... 'eof' So that they don't have to sit there waiting for me to correct my typos. It would be a shame if the output only came out at one line a second. Maybe there's a compromise solution ... can I have 500 free characters before the one line a second clunks in ? Cheers, Rob -- UUCP: ...!mcsun!ukc!warwick!cudcv PHONE: +44 203 523037 JANET: cudcv@uk.ac.warwick INET: cudcv@warwick.ac.uk Rob McMahon, Computing Services, Warwick University, Coventry CV4 7AL, England