Xref: utzoo comp.unix.wizards:25509 alt.security:2500 Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!uakari.primate.wisc.edu!sdd.hp.com!think.com!mintaka!bloom-beacon!eru!hagbard!sunic!dkuug!diku!bombman From: bombman@diku.dk (Hans-Henrik St{rfeldt) Newsgroups: comp.unix.wizards,alt.security Subject: Re: BSD tty security, part 3: How to Fix It Message-ID: <1991May9.145536.20002@odin.diku.dk> Date: 9 May 91 14:55:36 GMT References: <7299:Apr2510:22:2091@kramden.acf.nyu.edu> <12535@dog.ee.lbl.gov> <15896:Apr2714:35:3991@kramden.acf.nyu.edu> Sender: bombman@freja.diku.dk Organization: Department of Computer Science, U of Copenhagen Lines: 33 brnstnd@kramden.acf.nyu.edu (Dan Bernstein) writes: >(Note that the changes to ``write'' being discussed here are entirely >optional suggestions; only steps 1-12 are necessary to fix the basic >problems.) >In article <12535@dog.ee.lbl.gov> Jef Poskanzer writes: >> Our version does make control chars visible. Checking the permissions >> on the recipient before each line is a good idea. The rest of your >> changes are disgusting. >Well, I'm glad you agree with two of them, but I'd like to ask the net's >opinion on the other two. Let me split this into three questions: Another problem pops up, using write with X-windows, it is possible to hide yourself entirely, from the person you write to. This is done by making a 'non-login-shell' from your mail session (xterm). Then you can write to other users, who gets following message: Message from ???@freja on ttyp7 at 10:24 ... typed message here.... EOF This, i think is one of the greater problems with write. --Hans Henrik Staerfeldt ps. I am a user, not a sysop -- ____________________________________________________________ DK_ | | Bombman the mad bomber | // .|{}| Bombman@freja.diku.dk | /-| |__| Hans Henrik Staerfeldt |