BSD tty security, part 3: How to Fix It
John 'tms' Navarra
navarra at casbah.acns.nwu.edu
Mon Apr 29 12:31:36 AEST 1991
In article <15896:Apr2714:35:3991 at kramden.acf.nyu.edu> brnstnd at kramden.acf.nyu.edu (Dan Bernstein) writes:
>(Note that the changes to ``write'' being discussed here are entirely
>optional suggestions; only steps 1-12 are necessary to fix the basic
>problems.)
>
>
>Well, I'm glad you agree with two of them, but I'd like to ask the net's
>opinion on the other two. Let me split this into three questions:
>
>1. Do people think it's a problem that lines from ``write'' are not
>identified? If nothing else, I like the ability to carry on two or three
>write conversations at once without getting totally confused. If others
>don't like this, though, then I'll stop pushing for it.
I don't really have a problem with this. But I suppose it is no
big deal to include a username: message
at the begining of each line.
As far as making write multi-user -- THAT would be useful and then you
would need this utility to identify users. I guess you are pretty much
writing a local irc?
>
>2. Do people think it's a problem that someone can start a ``write'',
>then just type EOF or EOT to simulate ending it, then continue typing
>without identification? While most experienced users will guess exactly
>what's going on, novice users are really up the creek. Does anyone agree
>with Jef that it's ``disgusting'' to see
>
> Message from operator at kramden on ttyp7 at 10:24 ...
> operator: this is where the text goes
> operator: and so on
> End of message from operator at kramden on ttyp7 at 10:25
>
>instead of
>
> Message from operator at kramden on ttyp7 at 10:24 ...
> this is where the text goes
> and so on
> EOF
Again, this is an EASY thing to do. You could do some checking to see
if the string eof (EOF) is passed and then exit automatically and in
addition, print out the username of the person sending the message at the
end of the session.
>
>Maybe I'm biased from my RELAY days, but I really find the first format
>more informative.
>
>3. Do people think it's a problem that ``write'' can flood a terminal
>with output before the recipient has a chance to react? My version
>limits output to 500 characters per line and one line a second. Does
>anyone think that this affects legitimate uses of ``write''? If not, is
>there any harm in adding the protection against accidents and abuse?
Another good point. I once (along with a friend of mine) just swamped our
super users terminal whenever he logged in. Write should have some limit
to the number of characters it sends at a time. Or perhaps a better way
to deal with large amounts of characters being transferred at one time --
like if a char/min ratio was too big, write would pause a coupla seconds
to accept a kill signal from the receiver.
>
>---Dan
Good luck with your program.
--
>From the Lab of the MaD ScIenTiST:
navarra at casbah.acns.nwu.edu
More information about the Comp.unix.wizards
mailing list