BSD tty security, part 3: How to Fix It
Rob McMahon
cudcv at warwick.ac.uk
Mon Apr 29 05:26:06 AEST 1991
In article <15896:Apr2714:35:3991 at kramden.acf.nyu.edu> brnstnd at kramden.acf.nyu.edu (Dan Bernstein) writes:
>1. Do people think it's a problem that lines from ``write'' are not
>identified? If nothing else, I like the ability to carry on two or three
>write conversations at once without getting totally confused.
I think it's a problem if the formatting is different on both ends. I tend to
press RETURN when I'm getting near the end of a line, and it's messy if this
gets broken up at the other end. I often type code, or cut&paste text or code
into the write session, and it's a pain if this gets broken, or they can't
themselves cut&paste it into an editor without having to strip out the junk.
I've never seriously held more than one write session at a time in a single
window, but not because the messages get mixed up, but rather because of all
that switching between write commands. I have no trouble keeping two windows
active.
>2. Do people think it's a problem that someone can start a ``write'', then
>just type EOF or EOT to simulate ending it, then continue typing without
>identification?
I think it's more important to keep the formatting intact, and the longer
message is of no use without the identifying `user: ' at the beginning of
typed lines (because I can obviously just type `End of message from ...'
instead of EOF). Maybe I've just been lucky, but I've never been attacked
with this one. If `mesg n' worked after the event I don't think it's a
problem.
>3. Do people think it's a problem that ``write'' can flood a terminal with
>output before the recipient has a chance to react? My version limits output
>to 500 characters per line and one line a second. Does anyone think that
>this affects legitimate uses of ``write''?
This idea seems to have more merit. I have seen people doing `worms | write'
or `write < /usr/dict/words'. Against that, I often send people a quick
message of a few lines using
write user << 'eof'
...
'eof'
So that they don't have to sit there waiting for me to correct my typos. It
would be a shame if the output only came out at one line a second. Maybe
there's a compromise solution ... can I have 500 free characters before the
one line a second clunks in ?
Cheers,
Rob
--
UUCP: ...!mcsun!ukc!warwick!cudcv PHONE: +44 203 523037
JANET: cudcv at uk.ac.warwick INET: cudcv at warwick.ac.uk
Rob McMahon, Computing Services, Warwick University, Coventry CV4 7AL, England
More information about the Comp.unix.wizards
mailing list