Path: utzoo!utgpu!news-server.csri.toronto.edu!bonnie.concordia.ca!uunet!wuarchive!hsdndev!cmcl2!phri!marob!panix!eravin
From: eravin@panix.uucp (Ed Ravin)
Newsgroups: alt.hackers
Subject: Re: TIOCSTI
Summary: doesn't sound so secure to me...
Message-ID: <1991Jun5.151357.9482@panix.uucp>
Date: 5 Jun 91 15:13:57 GMT
References: <1991May13.211622.1452@sbcs.sunysb.edu> <1991May26.025736.20208@cs.warwick.ac.uk>
Organization: Newsaholics Annonymous
Lines: 19
Approved: HackerMeister@kowshtupper.pasture.left-handed.edu

Even if they've got their terminals set to write-only access, if some
interloper knew that they used a VT-100 style terminal or other terminal
with programmable, remotely enabled function keys, couldn't someone send
the sequence to program a function key for "rm -f *\r" and then have the
terminal send it?

I used to do things like this in an environment with 25 line terminals --
I had a little script to send ", goto line 25, write some cute message, and
then so as not to disturb their session. I also found some escape sequences
that could send VT-101's into a self-test mode that would hang the terminal,
drop DTR, and thus lose the session.

Are there any legitimate uses for TIOCSTI that make it worthwhile, or even
worth the inconvenient security risks? Why did the vendors put it in there
in the first place?
-- 
Ed Ravin            | I'm sorry, sir, but POSTAL REGULATIONS don't allow
cmcl2!panix!eravin  | PLASTIC tape over PAPER tape and NYLON cord on an
philabs!trintex!elr | 86 inch girth to LITHUANIA...
+1 914 993 4737     |
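
The risk raised in the post above comes from raw control bytes reaching a terminal that other users can write to. As an added example that is not part of the original post, this sketch shows the defensive side: a filter that renders control bytes visibly (cat -v style) before text is written to someone else's tty. The function name `sanitize_for_tty` and the sample input are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* sanitize_for_tty (hypothetical helper, not from the post): copy len bytes
 * of src into dst so a terminal sees only printable ASCII, tab and newline.
 * ESC becomes "^[", DEL "^?", and bytes >= 0x80 get an "M-" prefix, which
 * also neutralises 8-bit CSI (0x9b) at the cost of mangling UTF-8 text.
 * Returns the output length, or (size_t)-1 if dst is too small. */
size_t sanitize_for_tty(const unsigned char *src, size_t len,
                        char *dst, size_t cap)
{
    size_t o = 0;
    if (cap == 0)
        return (size_t)-1;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = src[i];
        int high = c >= 0x80;
        char buf[4];
        size_t n = 0;
        if (high) {                     /* mark and strip the top bit */
            buf[n++] = 'M'; buf[n++] = '-';
            c &= 0x7f;
        }
        if (c == 0x7f) {                /* DEL */
            buf[n++] = '^'; buf[n++] = '?';
        } else if (c < 0x20 && (high || (c != '\n' && c != '\t'))) {
            buf[n++] = '^';             /* C0 control: caret notation */
            buf[n++] = (char)(c + 0x40);
        } else {
            buf[n++] = (char)c;         /* printable, or plain \n and \t */
        }
        if (o + n >= cap)               /* keep room for the NUL */
            return (size_t)-1;
        memcpy(dst + o, buf, n);
        o += n;
    }
    dst[o] = '\0';
    return o;
}

int main(void)
{
    /* Constructed sample: text, a clear-screen sequence, CR, newline. */
    const unsigned char msg[] = "hi\033[2J\r\n";
    char out[64];
    if (sanitize_for_tty(msg, sizeof msg - 1, out, sizeof out) != (size_t)-1)
        fputs(out, stdout);
    return 0;
}
```
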