Path: utzoo!utgpu!jarvis.csri.toronto.edu!cs.utexas.edu!swrinde!zaphod.mps.ohio-state.edu!usc!ucsd!ucbvax!BRL.MIL!butler
From: butler@BRL.MIL ("Lee A. Butler")
Newsgroups: comp.sys.sgi
Subject: 4sight cut/paste buffer bogosity
Message-ID: <9002231523.aa05724@VMB.BRL.MIL>
Date: 23 Feb 90 20:23:04 GMT
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The Internet
Lines: 36

It turns out that the contents of the cut/paste buffer of the 4sight window
manager survive log-out. This is because the cut/paste buffer is stored in
/tmp/.cutbuffer and is not zeroed or deleted on logout.

Security minded folks should redefine the function "exitcleanly" in their
user.ps, or (better still) get the system manager to modify the function
definition in:

    /usr/NeWS/lib/NeWS/init.ps

to be something like the following:

    /exitcleanly {
        % wipe out the cut/paste buffer
        % new LAB/BRL
        (cp /dev/null /tmp/.cutbuffer) forkunix
        % new LAB/BRL

        % Destroy all windows that know /destroy
        {/destroy self send} AllWin

        % Wait 3 seconds for console to die
        0.05 sleep

        % Terminate the server
        ^C
    } def

This will work until we can get SGI and/or SMI to make the window manager
handle this directly.

For the ambitious hacker, check out the other files that 4sight leaves in
/tmp and see if you can figure out what to do with the information there ;-).

In case you haven't heard, you need to secure your tftp server daemon (either
disable it or make it run chroot'ed to someplace harmless). As delivered from
SGI, tftp can be used to copy ANY world readable files on the system,
including /etc/passwd.

Lee A. Butler                     SLCBR-VL-V
Internet: butler@brl.mil          Ballistic Research Laboratory
Phone: (301) 278-8740             Aberdeen Proving Grounds, MD 21005-5066
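The same logout-time wipe as an added shell example (not code from the post or from SGI's init.ps): it assumes the path /tmp/.cutbuffer named above, lets the path be passed as an argument for testing, and adds the checks a file in a shared /tmp needs before anything is truncated there.

```sh
#!/bin/sh
# Added example, not from the original post. Zero and remove the 4sight cut
# buffer at logout, in the spirit of the poster's
#   (cp /dev/null /tmp/.cutbuffer) forkunix
# but refusing to touch the path unless it is a regular file owned by the
# caller: a plain "cp /dev/null" follows symlinks, so a symlink planted at
# that path in /tmp by someone else would make the logout hook truncate
# whatever the link points at. The check-then-write still leaves a small
# window; a setuid-free hook cannot close it entirely from the shell.

wipe_cutbuffer() {
    f=${1:-/tmp/.cutbuffer}     # assumed default; the path the post names
    me=$(id -un)

    # Nothing there (not even a dangling link): nothing to clean.
    [ -e "$f" ] || [ -L "$f" ] || return 0

    # find does not follow symlinks by default, so -type f never matches a
    # link; -user confirms ownership; -prune stops any descent.
    if [ -z "$(find "$f" -prune -type f -user "$me" -print 2>/dev/null)" ]; then
        echo "wipe_cutbuffer: refusing to touch $f (not a regular file owned by $me)" >&2
        return 2
    fi

    # Truncate first (same effect as cp /dev/null), then unlink, so the
    # clipboard contents are gone even if the unlink itself fails.
    : > "$f" || return 1
    rm -f "$f"
    [ ! -e "$f" ]
}
```

Call wipe_cutbuffer with no argument from the logout hook; it returns 0 when the buffer is gone, 1 if it could not be truncated, and 2 if the path was not a regular file owned by the caller.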