Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!seismo!rutgers!clyde!cuae2!ltuxa!ttrdc!levy
From: levy@ttrdc.UUCP (Daniel R. Levy)
Newsgroups: comp.unix.questions
Subject: Re: Slaying Gould dragon with a wooden hoss
Message-ID: <1307@ttrdc.UUCP>
Date: Sun, 9-Nov-86 22:20:39 EST
Article-I.D.: ttrdc.1307
Posted: Sun Nov 9 22:20:39 1986
Date-Received: Tue, 11-Nov-86 00:02:18 EST
References: <161@unisec.UUCP> <3800016@snail> <2481@phri.UUCP> <5256@brl-smoke.ARPA>
Organization: AT&T, Computer Systems Division, Skokie, IL
Lines: 31

In article <5256@brl-smoke.ARPA>, gwyn@brl-smoke.ARPA (Doug Gwyn ) writes:
>In article <2481@phri.UUCP> roy@phri.UUCP (Roy Smith) writes:
>>	Maybe I'm missing something obvious, but why are block-mode
>>terminals a security problem?
>The problem is that these features allow anyone who can transmit
>more-or-less unmolested information to the terminal to force-feed
>input from that terminal, which so far as UNIX knows was typed by
>the logged-in user.  This can be protected against to some degree
>by changing the "write" utility, mail-reading interface, etc. to
>not send ESC and other possibly harmful characters unmapped to the
>terminal.  However, "cat file" can still trip a mine like this.

As a matter of fact, unless the /dev device associated with the terminal
is world-unwriteable (mesg n), simply "cat hacker.file > /dev/console" is
a dangerous possibility for a logged-in-as-root block-mode terminal.  SO
WHAT if "write" is prissy about what it sends? :-)  ("write" is normally
not setuid root anyway, so fixing it to filter out escape sequences wouldn't
help anything that a "mesg n" wouldn't also help.)

I think the big trick with doing it that way (or with mail) would be to do
it so that the person using the terminal notices nothing out of the ordinary
when the dastardly deed actually happens.  Especially with mail, where the
sender of the mail is shown!
--
 -------------------------------     Disclaimer:  The views contained herein are
|       dan levy | yvel nad      |   my own and are not at all those of my em-
|         an engihacker @        |   ployer or the administrator of any computer
| at&t computer systems division |   upon which I may hack.
|        skokie, illinois        |
 --------------------------------    Path: ..!{akgua,homxb,ihnp4,ltuxa,mvuxa,
	   go for it!  			allegra,ulysses,vax135}!ttrdc!levy