Path: utzoo!utgpu!water!watmath!uunet!xanth!mcnc!rutgers!mit-eddie!andante!att!icus!lenny
From: lenny@icus.islp.ny.us (Lenny Tropiano)
Newsgroups: unix-pc.bugs
Subject: Re: Amazing Maze is amazing
Message-ID: <529@icus.islp.ny.us>
Date: 24 Oct 88 05:01:51 GMT
References: <117@ureka.UUCP>
Reply-To: lenny@icus.islp.ny.us (Lenny Tropiano)
Distribution: unix-pc
Organization: ICUS Software Systems, Islip, New York
Lines: 63

In article <117@ureka.UUCP> charlie@ureka.UUCP (charlie crassi) writes:
|>
|>I had a new user to ureka call me when his terminal got hung up. What I found
|>I could not explain so I hope perhaps Lenny, John, or some other UNIX-PC jock
|>can assist.
|>

UNIX PC jock, I guess that's a compliment (Thanks) ;-)

|>Nobody was logged in at the console, and Duane had called in on his IBM PC
|>clone running Procomm version ?? in the VT100 emulator mode.
|>
|>He called up the User Agent (bad no no) and selected Toybox. In Toybox he
|>called up Hic's Amazing Maze from THE STORE. At this point, his terminal
|>locked up and Amazing Maze fired up on the Console with nobody logged in.
|>However, it only painted the first 2 screens and stayed in the 3D Maze
|>entrance accepting NO keyboard input.
|>

Well firstly calling up the User Agent from a remote terminal is valid
(although I don't particularly condone users running the user agent [one of
the major security holes on the unix-pc]) The bad part was Duane called up
Hic's Amazing Maze program that will *only* work on a bit-mapped screen
(ie. unix-pc console), that was the bad no no.

|>My questions are:
|>
|>1) How did this get started up on w1 ? It was running with a uid of 0.
|>

Well if you look at /usr/lib/ua/Toybox you will see an entry with:

        Name=Amazing Maze
        Default=Run
        Run=EXEC -pwd /usr/games/Amazing
                  ^^^

The reason why it was running on w1 was /usr/games/Amazing opens up
/dev/window to do all the bit-mapped screen handling. The reason it was
uid 0 was because of the "p" option in the EXEC statement.
If you look in the ua(4) in the User's Manual you will see the explanation
of the -p option to EXEC.

        "-p     Run the process with superuser privileges"

This is the biggest security flaw the user agent has to offer...

|>2) Why did it disable both terminals ?
|>

Well it really didn't disable your console, you could have probably switched
back to the window the getty was running on and logged in fine [this I'm not
sure of but in theory it should work ???] As for his terminal, it was
feeding the input to the game. It's kinda weird cause I did this once at
work. I was able to make the moves on the remote terminal and see the
results on the unix-pc screen. If he hit the escape sequence for "EXIT" it
might have fixed both screens!

Stay away from programs that use the bitmapped window capabilities of the
UNIX PC on remote terminals.

I hope this sheds some light on your problem.

-Lenny
-- 
Lenny Tropiano             ICUS Software Systems         [w] +1 (516) 582-5525
lenny@icus.islp.ny.us      Telex; 154232428 ICUS         [h] +1 (516) 968-8576
{talcott,decuac,boulder,hombre,pacbell,sbcs}!icus!lenny      attmail!icus!lenny
        ICUS Software Systems -- PO Box 1; Islip Terrace, NY  11752
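
An audit for the EXEC -p entries described in the post above, as an added example that is not part of the original post or of any AT&T tool. It assumes ua menu files consist of Name=/Run= lines laid out like the Toybox excerpt; the function names and the second sample entry are hypothetical.

```sh
#!/bin/sh
# Added example: list User Agent menu entries whose EXEC flags include "p".
# Assumption: entries are Name=/Run= lines as in the Toybox excerpt above;
# the full ua(4) file grammar is not shown in the post.

audit_ua_file() {
    # $1 = ua menu file. Prints one "file: name -> command [flags]" per hit.
    awk -v file="$1" '
        /^[ \t]*Name=/ { sub(/^[ \t]*Name=/, ""); name = $0; next }
        /^[ \t]*Run=EXEC[ \t]/ {
            flags = ""; i = 2
            # Collect every leading dash-prefixed field as flag letters.
            while (i <= NF && $i ~ /^-/) { flags = flags substr($i, 2); i++ }
            if (flags !~ /p/) next      # no superuser flag on this entry
            cmd = ""
            for (; i <= NF; i++) cmd = cmd (cmd == "" ? "" : " ") $i
            printf "%s: %s -> %s [-%s]\n", file, name, cmd, flags
        }
    ' "$1"
}

audit_ua_dir() {
    # $1 = directory of ua menu files (the post names /usr/lib/ua/Toybox).
    for f in "$1"/*; do
        [ -f "$f" ] && audit_ua_file "$f"
    done
    return 0
}

write_sample() {
    # Constructed sample: the first entry is the one quoted in the post,
    # the second is hypothetical and carries no "p" flag.
    cat > "$1" <<'EOF'
Name=Amazing Maze
Default=Run
Run=EXEC -pwd /usr/games/Amazing

Name=Hypothetical Game
Default=Run
Run=EXEC -wd /usr/games/example
EOF
}

# Demo on the constructed sample; on a real system pass /usr/lib/ua instead.
tmp=$(mktemp -d) && write_sample "$tmp/Toybox" && audit_ua_dir "$tmp"
rm -rf "$tmp"
```

Each line it prints is a menu item that any user able to reach the User Agent can launch as uid 0, so the listed commands are the ones to review.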