Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!watmath!clyde!burl!ulysses!mhuxl!ihnp4!drutx!houxe!hogpc!houxm!vax135!cornell!uw-beaver!tektronix!hplabs!hpda!fortune!amd!decwrl!decvax!wivax!cadmus!harvard!seismo!brl-tgr!gwyn
From: gwyn@brl-tgr.UUCP
Newsgroups: net.bugs,net.unix
Subject: Re: Why 4BSD 'stty' uses stdout instead of stdin
Message-ID: <4139@brl-tgr.UUCP>
Date: Tue, 21-Aug-84 11:49:54 EDT
Article-I.D.: brl-tgr.4139
Posted: Tue Aug 21 11:49:54 1984
Date-Received: Wed, 29-Aug-84 05:18:16 EDT
References: <895@trwrb.UUCP> <1228@dalcs.UUCP> <747@dual.UUCP> <46@rlgvax.UUCP> <318@wucs.UUCP> <5024@utcsrgv.UU
Posting-Version: version B 2.10.1 6/24/83; site brl-tgr.ARPA
Organization: Ballistics Research Lab
Lines: 26

Ioctl() is not the only problem; consider

	cat /unix >/dev/tty01

where some fool has left his terminal (/dev/tty01) writable to the
world.  Worse yet, send him a character sequence like

	HOME CR LF cd; find . -exec chmod 777 {} \; & CLEAR_TO_END_OF_SCREEN HOME DUMP_SCREEN CLEAR

(using the appropriate codes for his terminal type) and you will get
him to chmod all his files so you can play with them.

Short of refusing to purchase terminals with a DUMP_SCREEN feature
(or programmable function keys that can be both programmed and
played back under computer control), the only way to avoid this
security bug (which could be REALLY bad if the victim is super-user
at the time) is to prevent writes on terminals by other users except
via trusted system code.

When a user is not logged in, the terminal can be writable.  This
is handy for daisy-wheel printers, for example.
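An audit for the condition the post names (a logged-in user's terminal writable by other users), as an added example that is not part of the original post. The function names are hypothetical, and it assumes terminal nodes live under /dev and that the second column of who(1) output names them.

```shell
#!/bin/sh
# Added example, not from the original post: report which logged-in
# terminals can be written by other users.

# Classify one device node by its write permission bits.
#   world-writable : any user can write to it (the exposure in the post)
#   group-writable : writable only by members of the owning group, the
#                    arrangement used when a set-group-id writer program
#                    is the only trusted path to other users' terminals
#   private        : only the owner can write
tty_write_exposure() {
    path=$1
    if [ ! -e "$path" ]; then
        echo missing
    elif [ -n "$(find "$path" -prune -perm -002 -print 2>/dev/null)" ]; then
        echo world-writable
    elif [ -n "$(find "$path" -prune -perm -020 -print 2>/dev/null)" ]; then
        echo group-writable
    else
        echo private
    fi
}

# Check the terminal of every logged-in user. Prints one line per terminal
# and returns 1 if any of them is world-writable.
audit_logged_in_ttys() {
    rc=0
    for name in $(who 2>/dev/null | awk '{print $2}' | sort -u); do
        dev=/dev/$name
        [ -c "$dev" ] || continue      # skip entries that are not tty nodes
        state=$(tty_write_exposure "$dev")
        printf '%s\t%s\n' "$dev" "$state"
        [ "$state" = world-writable ] && rc=1
    done
    return $rc
}

audit_logged_in_ttys || echo "world-writable terminal found" >&2
```

A user can drop write access for others on their own terminal with `mesg n`.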