Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!swrinde!elroy.jpl.nasa.gov!decwrl!pa.dec.com!decprl!decprl!boyd
From: boyd@prl.dec.com (Boyd Roberts)
Newsgroups: comp.unix.wizards
Subject: Re: BSD tty security, part 3: How to Fix It
Message-ID: <1991May6.112302.27896@prl.dec.com>
Date: 6 May 91 11:23:02 GMT
References: <7299:Apr2510:22:2091@kramden.acf.nyu.edu> <12535@dog.ee.lbl.gov> <73525@eerie.acsu.Buffalo.EDU> <235@harem.clydeunix.com>
Sender: news@prl.dec.com (USENET News System)
Reply-To: boyd@prl.dec.com (Boyd Roberts)
Organization: Digital Equipment Corporation - Paris Research Laboratory
Lines: 29

In article <235@harem.clydeunix.com>, wes@harem.clydeunix.com (Wes Peters) writes:
> 
> I think write should reject any input not from a terminal:
> 
>     if (!isatty(fileno(stdin))) {
>         fprintf(stderr, "write: input must be a terminal!\n");
>         exit(-1);
>     }
> 
> I know this will take care of 'cat longfile | write sucker', but does it
> also take care of a 'here is' document (i.e. shell << document)?
> 

But it still doesn't solve the problem.  I can still go <button1>-sweep-<button2>
on my X terminal and you'll still get a pile of junk.  Or, I can run the ubiquitous ``pty'' and probably achieve the same.

The problem is that the user should be able to specify a program to run that
displays the ``write'' information in the way the user likes.  I guess such
a thing would register with a server (security problem #1) and say here I
am to take care of any writes for user X.  It then talks a protocol with
any incoming write and displays the information the way the user wants.

UNIX write(1) is small and simple.  It does the job in a friendly environment.
It was not written to deal with boofheads who'd cat /dev/universe | write ...


Boyd Roberts			boyd@prl.dec.com

``When the going gets wierd, the weird turn pro...''