Path: utzoo!utgpu!cs.utexas.edu!uunet!mcsun!ukc!warwick!cs.warwick.ac.uk!usenet
From: crisp@cs.warwick.ac.uk (CrisP)
Newsgroups: alt.hackers
Subject: Re: TIOCSTI
Message-ID: <1991May26.025736.20208@cs.warwick.ac.uk>
Date: 26 May 91 02:57:36 GMT
References: <1991May13.211622.1452@sbcs.sunysb.edu> <tim.674729731@holly>
Sender: usenet@cs.warwick.ac.uk (Network News)
Organization: Computer Science, Warwick University, UK
Lines: 51
Approved: Me

I haven`t managed to post from this department before. So lets see if this
works!

In article <tim.674729731@holly> tim@dell.co.uk (Tim Wright) writes:
>In <1991May13.211622.1452@sbcs.sunysb.edu> god@csserv2.ic.sunysb.edu (The Lord God your Creator) writes:
>
>
>>The TIOCSTI ioctl lets you simulate keyboard input on other peoples terminals
>>while they're logged in as long as you have write perminssion for the tty
>>(mesg y). So you could write the string: "rm -r *\n" and it would be executed
>>if the user was in a shell.  Whoever made this system call goofed. 
>
>No they didn't. They did in 4.2BSD but it was fixed in 4.3. Basically, you
>can only execute it on your control tty. Under 4.2BSD, you could open a
>tty for write only, having first used TIOCNOTTY to get rid of your control
>tty, and use TIOCSTI, since the open made the new tty the control terminal
>for that process. Under 4.3BSD, you need read access on the terminal as well,
>and that is not usually the case unless somebody really wants to be hacked !

Read access on your tty.

I have great fun with programs like this:
-rwxr-xr-x  1 gnu      wheel       73728 Jan 21 19:22 /gnu/bin/screen*

And:
-rwxr-xr-x  1 bin      wheel      376832 Jul 21  1990 /usr/local/bin/X11/xterm*

Because when I am using them and I do something like "ls -Flg `tty`" I get:
crw-rw-rw-  1 root     wheel     20,   1 May 26 03:49 /dev/ttyp1

I don't want to be hacked, but not being root there aint much I can do about
that tty!

~CrisP.

>
>Tim
>-- 
>Tim Wright, Dell Computer Corp., Bracknell    |  Domain: tim@dell.co.uk
>Berkshire, UK, RG12 1RW. Tel: +44-344-860456  |  Uucp: ...!ukc!delluk!tim
>Smoke me a Kipper, I'll be back for breakfast - Red Dwarf

------------------------------------------------------------------
crisp@uk.ac.warwick.cs |   I didn't do it. Nobody saw me do it.
                       | You can't prove anything. - Bart Simpson.
------------------------------------------------------------------
-- 
------------------------------------------------------------------
crisp@uk.ac.warwick.cs |   I didn't do it. Nobody saw me do it.
                       | You can't prove anything. - Bart Simpson.
------------------------------------------------------------------