Xref: utzoo comp.unix.wizards:25386 alt.security:2429
Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!uwm.edu!linac!att!att!fang!tarpit!osceola.cs.ucf.edu!ssd
From: ssd@engr.ucf.edu (Steven S. Dick)
Newsgroups: comp.unix.wizards,alt.security
Subject: Re: BSD tty security, part 3: How to Fix It
Message-ID: <1991May1.121058.20933@osceola.cs.ucf.edu>
Date: 1 May 91 12:10:58 GMT
References: <7299:Apr2510:22:2091@kramden.acf.nyu.edu> <12535@dog.ee.lbl.gov> <15896:Apr2714:35:3991@kramden.acf.nyu.edu>
Sender: news@osceola.cs.ucf.edu (News sysetm)
Organization: engineering, University of Central Florida, Orlando
Lines: 29

In article <15896:Apr2714:35:3991@kramden.acf.nyu.edu> brnstnd@kramden.acf.nyu.edu (Dan Bernstein) writes:
>	Message from operator@kramden on ttyp7 at 10:24 ...
>	operator: this is where the text goes
>	operator: and so on
>	End of message from operator@kramden on ttyp7 at 10:25

Well, personally, I don't like this style or the standard style.
The format is OK....it's the timing I detest.

I've written my own write replacement [which I probably should release
to the net] that lets you type your whole message before it sends it.
I HATE getting the write start message, and then waiting to get the rest.

The name at the beginning of the line isn't needed if the message is sent
as one chunk.  

A few security additions I put in my program right away...
It limits the message to 20 lines.  This could, I suppose, ioctl the
remote terminal and check its actual height.  (Assume 20 otherwise.)
It doesn't make sure the input is coming from a tty--maybe it should.

I didn't think of putting in a pause before sending the next 20
lines...  This might be useful.  I wouldn't actually pause--just record
the time, and make sure that some decent amount of time (like at least
1 sec per line) has passed before sending anything more.  Nobody can
actually type that fast anyway.  :-)

	Steve
ssd@engr.ucf.edu