Xref: utzoo comp.unix.wizards:25208 alt.security:2343
Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!usc!randvax!segue!psl
From: psl@segue.segue.com (Peter Langston)
Newsgroups: comp.unix.wizards,alt.security
Subject: Re: BSD tty security, part 3: How to Fix It
Message-ID: <7310@segue.segue.com>
Date: 29 Apr 91 00:30:27 GMT
References: <7299:Apr2510:22:2091@kramden.acf.nyu.edu> <12535@dog.ee.lbl.gov>
Reply-To: psl@segue.segue.com (Peter Langston)
Organization: Segue Software, Inc. - Santa Monica, CA. +1-213-453-2161
Lines: 22

In article <12535@dog.ee.lbl.gov> Jef Poskanzer writes:
>In the referenced message, brnstnd@kramden.acf.nyu.edu (Dan Bernstein) wrote:
>}13. Fix write. Many people don't appreciate how poor write's security
>}is; I quote from my pty paper's description of a write clone:
>}: ... blah, blah ...
>}code from it. Don't even give me any credit, just fix the bugs. Please.
>
>As the co-author of the current BSD write, I can respond to this.
>Our version does make control chars visible. Checking the permissions
>on the recipient before each line is a good idea. The rest of your
>changes are disgusting.

Jef is being too kind. Agreed, the rest of the changes are disgusting in
their protect-the-user-from-her/himself presumption, but checking the
permissions on the recipient before each line is NOT such a good idea.
As it stands now, you can allow write access long enough for a friend to
initiate a write(1) and then turn off write access and discourage any other
interruption (i.e. you can discriminate among users temporally).

Changing write to do continued checking of write permission would only
further frustrate users' attempts to control their own environments.

It is hard to believe that the write program is the best place to solve the
problems of antisocial behaviour in one's community...
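
The two behaviours discussed in this post, as an added example that is not part of the original message and is not code from BSD write: a sender that tests the recipient's permission only once keeps delivering after the recipient revokes it, while a sender that re-tests before each line stops. Assumptions: a regular file under /tmp stands in for the recipient's tty, the group-write bit is the flag mesg(1) toggles, and `accepts_messages` and `deliver` are hypothetical names.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Assumption: a regular file stands in for the recipient's tty, and the
 * group-write bit is the flag the recipient toggles with mesg(1). */
static int accepts_messages(const char *path)
{
    struct stat st;
    return stat(path, &st) == 0 && (st.st_mode & S_IWGRP) != 0;
}

/* Hypothetical sender loop. The recipient runs "mesg n" after line 1.
 * recheck == 0: permission tested once, before the first line is sent.
 * recheck == 1: permission re-tested before every line.
 * Returns the number of lines delivered, or -1 on setup failure. */
int deliver(int recheck, int nlines)
{
    char path[64];
    const char *line = "hello\n";
    int fd, i, delivered = 0;
    snprintf(path, sizeof path, "/tmp/fake_tty_%ld_%d", (long)getpid(), recheck);
    fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    /* chmod 0620 plays the part of the recipient's "mesg y" */
    if (fd < 0 || chmod(path, 0620) != 0 || !accepts_messages(path)) {
        if (fd >= 0) { close(fd); unlink(path); }
        return -1;
    }
    for (i = 0; i < nlines; i++) {
        if (recheck && !accepts_messages(path))
            break;                      /* recipient has since said "mesg n" */
        if (write(fd, line, strlen(line)) != (ssize_t)strlen(line))
            break;
        delivered++;
        if (i == 0 && chmod(path, 0600) != 0)  /* recipient: "mesg n" */
            break;
    }
    close(fd);
    unlink(path);
    return delivered;
}

int main(void)
{
    printf("one-time check: %d of 3 lines\n", deliver(0, 3));
    printf("per-line check: %d of 3 lines\n", deliver(1, 3));
    return 0;
}
```

The already-open descriptor is unaffected by the later mode change, which is why the one-time check lets an established conversation continue after the recipient closes the door to new ones.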