.plan

[George Hartzell]

In article <10814 at smoke.BRL.MIL>, gwyn at smoke (Doug Gwyn) writes:
>In article <1989Aug23.192105.21328 at ee.rochester.edu> deke at ee.rochester.edu (Dikran Kassabian) writes:
>>In article <61 at towernet.UUCP> larrym at rigel.uucp (24121-E R Inghrim(3786)556) writes:
>>>when I finger some users, they've got these plans with simple animated
>>>figures jumping and beeping.
>>these users have terminal-dependant cursor addressing and the like in
>>their .plan file.
>
>If "finger" really does dump the contents of .plan literally to a terminal,
>then you could exploit that misfeature to force-feed one of the terminal's
>programmable function keys, then dump it back.  That's a good way to run
>commands under somebody else's UID!  This would be a security hole that
>needs to be fixed.

A program called dotplan was posted a while back that used combinations 
of backspaces and carriage returns to draw simple animations.  I've used 
this in my dotplan in the past.  

I can understand how you one could program the functions keys, but how
could you simulate one being pressed?
g.
George Hartzell			                  (303) 492-4535
 MCD Biology, University of Colorado-Boulder, Boulder, CO 80309
hartzell at Boulder.Colorado.EDU  ..!{ncar,nbires}!boulder!hartzell