Path: utzoo!utgpu!news-server.csri.toronto.edu!bonnie.concordia.ca!thunder.mcrcim.mcgill.edu!snorkelwacker.mit.edu!bloom-beacon!eru!hagbard!sunic!mcsun!ukc!axion!delluk!holly!tim
From: tim@dell.co.uk (Tim Wright)
Newsgroups: alt.hackers
Subject: Re: TIOCSTI
Message-ID: <tim.674729731@holly>
Date: 20 May 91 08:55:31 GMT
References: <1991May13.211622.1452@sbcs.sunysb.edu>
Sender: usenet@delluk.uucp (Usenet posting login)
Organization: Dell Computer Corp., Bracknell, UK
Lines: 20
Approved: tim@dell.co.uk

In <1991May13.211622.1452@sbcs.sunysb.edu> god@csserv2.ic.sunysb.edu (The Lord God your Creator) writes:


>The TIOCSTI ioctl lets you simulate keyboard input on other peoples terminals
>while they're logged in as long as you have write perminssion for the tty
>(mesg y). So you could write the string: "rm -r *\n" and it would be executed
>if the user was in a shell.  Whoever made this system call goofed. 

No they didn't. They did in 4.2BSD but it was fixed in 4.3. Basically, you
can only execute it on your control tty. Under 4.2BSD, you could open a
tty for write only, having first used TIOCNOTTY to get rid of your control
tty, and use TIOCSTI, since the open made the new tty the control terminal
for that process. Under 4.3BSD, you need read access on the terminal as well,
and that is not usually the case unless somebody really wants to be hacked !

Tim
-- 
Tim Wright, Dell Computer Corp., Bracknell    |  Domain: tim@dell.co.uk
Berkshire, UK, RG12 1RW. Tel: +44-344-860456  |  Uucp: ...!ukc!delluk!tim
Smoke me a Kipper, I'll be back for breakfast - Red Dwarf