Failure of iswind()
DoN Nichols
dnichols at ceilidh.beartrack.com
Sat May 25 14:01:52 AEST 1991
In article <1991May24.203238.7990 at sci.ccny.cuny.edu> jeffrey at sci.ccny.cuny.edu (Jeffrey L Bromberger) writes:
>Just for fun, I tried the following command from my VAX to my
>ethernet'ted 3b1:
>
>% rsh notvax /usr/games/klondike
>
>Now, considering the fact that I'm not logged in on the console, this
>should fail. This game, like many others, use iswind() to see if I'm
>on the bitmapped screen. The logic should stop me if I'm not.
>But, it doesn't! It overwrites the console display (without regard as
>to what or who is going on) with the game screen!
Yep, happened to me when my wife called it up after reading news on
my system.
>Any idea why all these games (klondike/mahjongg/rocks/bugs) all have
>this behavior? Is it only seen when using the ethernet package? Does
>this happen if someone dials in via the OBM? Is iswind() just plain
>drain-bamaged?
Yes, it happens when logged in to a tty port. I presume that it
could happen via the OBM as well. Iswind() must be quite brain-damaged. I
added code to my first copy of klondike to check if /dev/tty = w? to avoid
this, but that is a kluge.
>Isn't this some bizarre sort of security hole?!?
At least a denial-of-service one. Maybe we need to rewrite iswind().
Kep Hoping
DoN.
--
Donald Nichols (DoN.) | Voice (Days): (703) 664-1585
D&D Data | Voice (Eves): (703) 938-4564
Disclaimer: from here - None | Email: <dnichols at ceilidh.beartrack.com>
--- Black Holes are where God is dividing by zero ---
More information about the Comp.sys.3b1
mailing list