Path: utzoo!utgpu!news-server.csri.toronto.edu!devnull
Newsgroups: alt.hackers
From: cks@hawkwind.utcs.toronto.edu (Chris Siebenmann)
Subject: Re: TIOCSTI
Message-ID: <1991May25.075813.5286@jarvis.csri.toronto.edu>
Summary: I am going to regret this
Organization: Ziebmef home away from home
References: <1991May13.211622.1452@sbcs.sunysb.edu>
Date: 25 May 91 11:58:13 GMT
Approved: cks@ziebmef.mef.org
Lines: 32

tim@dell.co.uk (Tim Wright) writes:
| No they didn't. They did in 4.2BSD but it was fixed in 4.3. Basically, you
| can only execute it on your control tty.
[talks about how you need read & write access to a terminal to make it
your controlling terminal in 4.3BSD.]

 There's at least one fairly trivial method of getting over this
difficulty on some systems; I don't plan to explain further, sorry.
This problem, incidentally, is at least one part of the great Dan
Bernstein tty security war going on in various newsgroups near you.

 I currently believe that the Ultrix 4.x kernel has enough support to
defeat attacks using this technique; unfortunately, you need to fix
all the pty-allocating daemons to do the right thing, which usually
requires either the willingness to run 4.3Tahoe daemons and programs
on an Ultrix machine (with any ensuing porting headaches) or Ultrix
4.x source.

 This is another example of why places that are serious about running
real systems in real production environments continue to demand kernel
and utility source from their vendors. Vendors, sit up and take notice.

[I could have, with experimentation, verified that my fix was probably
correct and complete without kernel source. I would not be HALF as
confident about it, though; actually reading the kernel source was
highly useful.]

--
"If the vendors started doing everything right, we would be out of a
job. Let's hear it for OSI and X! With those babies in the wings, we
can count on being employed until we drop, or get smart and switch to
gardening, paper folding, or something." - C. Philip Wood
cks@hawkwind.utcs.toronto.edu ...!{utgpu,utzoo,watmath}!utgpu!cks