Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!henry
From: henry@utzoo.UUCP (Henry Spencer)
Newsgroups: net.unix
Subject: Re: Slaying Gould dragon with a wooden
Message-ID: <7299@utzoo.UUCP>
Date: Fri, 7-Nov-86 15:24:35 EST
Article-I.D.: utzoo.7299
Posted: Fri Nov  7 15:24:35 1986
Date-Received: Fri, 7-Nov-86 15:24:35 EST
References: <161@unisec.UUCP> <3800016@snail>, <2481@phri.UUCP>
Organization: U of Toronto Zoology
Lines: 22

> 	Maybe I'm missing something obvious, but why are block-mode
> terminals a security problem?

Any terminal which can be caused, remotely, to send part of what's on its
screen is a security problem on a normal Unix.  Just write something out
to the screen and then send the send-screen sequence, and the characters
come in just as if the user had typed them.  Do it when somebody is
signed in as root on such a terminal, and you've got superuser powers.

The only fixes are to either (a) avoid such terminals, or (b) carefully
control what other people can write to your terminal.  The latter is
harder than it looks, because the bad guy can always put the interesting
sequences in mail messages ("letterbombs") or in files rather than sending
them directly.

Remotely-programmable function keys can also cause trouble this way.  If
their contents can be read back remotely, the same technique works.  If
there is no read-back, you have to choose a key that the user will hit
in the course of normal use.
-- 
				Henry Spencer @ U of Toronto Zoology
				{allegra,ihnp4,decvax,pyramid}!utzoo!henry