Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Posting-Version: version B 2.10.1 6/24/83; site wjvax.UUCP Path: utzoo!linus!decvax!decwrl!sun!qubix!ios!wjvax!ron From: ron@wjvax.UUCP (Ron Christian) Newsgroups: net.bugs,net.bugs.4bsd,net.unix Subject: Re: stty bug + effects Message-ID: <190@wjvax.UUCP> Date: Mon, 27-Aug-84 17:08:07 EDT Article-I.D.: wjvax.190 Posted: Mon Aug 27 17:08:07 1984 Date-Received: Thu, 30-Aug-84 09:26:55 EDT References: <631@bnl.UUCP> Organization: Watkins Johnson, San Jose, Calif. Lines: 66 () *** >From: piggott@bnl.UUCP (Christopher Piggott): >Here is the way that I keep myself protected from the "stty 0 > /dev/ttyxx"'s >of this world.... >First, an automatic "mesg n" in my .profile. If somebody wants to page me >for "talk", "write", or whatever, then tough. They'll send it through >MAIL first if it's important enough. ******* Well, this seems paranoid to me. As well as having an important hole if you use a VT100. That is, a competant Terminal Warrior can get around a 'mesg n' with a little fiddling. Mail, also, is not really a valid replacement for talk or write unless you have 'biff' set, which is leaving yourself open again. I wonder if you miss phone calls if you're on a remote terminal. ******* >Second, if I wish to 'talk' with someone, I don't just use regular 'talk' >or 'write'. I use this simple shell script, named "xtalk", in my directory. >(sleep 20;mesg n;echo -n "*")& >mesg y >talk $1 >And that takes care of things.... *** Unless the person you want to talk to also has 'mesg n' set. What do you do then? The basic premise seems to be that you are the only one that needs protection, not your co-workers. Awhile ago, when terminal wars hits were flying hither and yon, everyone had 'mesg n' in his/her .login. As I mentioned, there are ways to circumnavigate this with preparation. So the only effect was that no one could contact any one else for legitimate means. Foolish. We tried some things, like a 'talk' that auto- matically hammered open the person's tty, but someone thought this might 'leave him open' so ran a script in the background that checked message bit and took appropriate action... Did you know that you can send those funny escape sequences through 4.1 'talk' if you type them in verbatum? There was also a race by a couple of people to aquire the su password (password stealing programs, or careful attention to unattended terminals) in order to break through someone else's protection. Real damage was done in the process. Anyway, the load average was climbing, and things were rapidly getting out of hand, so a message was handed down from above: "Cut this f***** crap out or lose your password." And THAT is the ONLY way you are going to stop this stuff. For every protection scheme there are a dozen ways to crack it. And individual protection schemes only provide a challange to folks who go in for this sort of thing. -- "Trivia is important." Ron Christian Watkins-Johnson Co. San Jose, Calif. (...ios!wjvax!ron)