Xref: utzoo comp.unix.wizards:25217 alt.security:2348 Path: utzoo!utgpu!news-server.csri.toronto.edu!bonnie.concordia.ca!uunet!mcsun!ukc!strath-cs!str-va!cadp01 From: cadp01@vaxa.strath.ac.uk Newsgroups: comp.unix.wizards,alt.security Subject: Re: BSD tty security, part 3: How to Fix It Message-ID: <1991Apr28.130739.11517@vaxa.strath.ac.uk> Date: 28 Apr 91 13:07:39 GMT References: <7299:Apr2510:22:2091@kramden.acf.nyu.edu> <12535@dog.ee.lbl.gov> <15896:Apr2714:35:3991@kramden.acf.nyu.edu> Organization: (Olav Kolbu), Strathclyde University Lines: 59 In article <15896:Apr2714:35:3991@kramden.acf.nyu.edu>, brnstnd@kramden.acf.nyu.edu (Dan Bernstein) writes: [stuff deleted] > 1. Do people think it's a problem that lines from ``write'' are not > identified? If nothing else, I like the ability to carry on two or three > write conversations at once without getting totally confused. If others > don't like this, though, then I'll stop pushing for it. Me too, but I would rather have it as an option (mesg i ?) instead of being forced to see this identification on every line I get. That way you would satisfy both parts. This should of course be at the recepient end. Would this be too messy? > 2. Do people think it's a problem that someone can start a ``write'', > then just type EOF or EOT to simulate ending it, then continue typing > without identification? While most experienced users will guess exactly > what's going on, novice users are really up the creek. Does anyone agree > with Jef that it's ``disgusting'' to see > > Message from operator@kramden on ttyp7 at 10:24 ... > operator: this is where the text goes > operator: and so on > End of message from operator@kramden on ttyp7 at 10:25 > > instead of > > Message from operator@kramden on ttyp7 at 10:24 ... > this is where the text goes > and so on > EOF > > Maybe I'm biased from my RELAY days, but I really find the first format > more informative. Some people want it and some don't, make it an option and keep everyone happy. I would have like a 'End of message from foo@bar on ...' instead of the EOT/EOF but this would just have a purely informative purpose in a system that didn't enforce identification of lines. > 3. Do people think it's a problem that ``write'' can flood a terminal > with output before the recipient has a chance to react? My version > limits output to 500 characters per line and one line a second. Does > anyone think that this affects legitimate uses of ``write''? If not, is > there any harm in adding the protection against accidents and abuse? > > ---Dan If you want to give someone a piece of code or something similar over write, then one second per line might be a bit too much. Of course, the identification on each line would already have messed it up so you couldn't grab the lot with a mouse and store it somewhere without a search-and- replace... OK o.kolbu@uk.ac.strath.vaxa - Reverse where necessary. Olav Kolbu Life is full of standards, just grab one that suits you.