Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!unix.cis.pitt.edu!dsinc!widener!ukma!memstvx1!utkcs2!emory!att!princeton!phoenix.Princeton.EDU!tty!keyboard!subbarao!kartik From: subbarao@phoenix.Princeton.EDU (Kartik Subbarao) Newsgroups: comp.unix.wizards Subject: Re: BSD tty security, part 3: How to Fix It Message-ID: Date: 6 May 91 12:42:38 GMT References: <73525@eerie.acsu.Buffalo.EDU> <235@harem.clydeunix.com> <1991May6.112302.27896@prl.dec.com> Sender: news@idunno.Princeton.EDU Reply-To: subbarao@phoenix.Princeton.EDU (Kartik Subbarao) Lines: 29 In article <1991May6.112302.27896@prl.dec.com> boyd@prl.dec.com (Boyd Roberts) writes: >In article <235@harem.clydeunix.com>, wes@harem.clydeunix.com (Wes Peters) writes: >> >The problem is that the user should be able to specify a program to run that >displays the ``write'' information in the way the user likes. I guess such >a thing would register with a server (security problem #1) and say here I >am to take care of any writes for user X. It then talks a protocol with >any incoming write and displays the information the way the user wants. > >UNIX write(1) is small and simple. It does the job in a friendly environment. >It was not written to deal with boofheads who'd cat /dev/universe | write ... Exactly -- I don't see any need in changing a silly simple program like write. So what if you get a humongous message from someone -- yay. just go lynch him, and ask him politely not to do it in the future. Most people get over 'nethack | write /dev/ttyp6' pretty soon in their unix learning. (Then again, it seemed to take me a bit longer :-)) -Kartik -- internet# rm `df | tail +2 | awk '{ printf "%s/quotas\n",$6}'` subbarao@phoenix.Princeton.EDU -| Internet kartik@silvertone.Princeton.EDU (NeXT mail) SUBBARAO@PUCC.BITNET - Bitnet