BSD tty security, part 3: How to Fix It
Steven S. Dick
ssd at engr.ucf.edu
Wed May 1 22:10:58 AEST 1991
In article <15896:Apr2714:35:3991 at kramden.acf.nyu.edu> brnstnd at kramden.acf.nyu.edu (Dan Bernstein) writes:
> Message from operator at kramden on ttyp7 at 10:24 ...
> operator: this is where the text goes
> operator: and so on
> End of message from operator at kramden on ttyp7 at 10:25
Well, personally, I don't like this style or the standard style.
The format is OK....it's the timing I detest.
I've written my own write replacement [which I probably should release
to the net] that lets you type your whole message before it sends it.
I HATE getting the write start message, and then waiting to get the rest.
The name at the beginning of the line isn't needed if the message is sent
as one chunk.
A few security additions I put in my program right away...
It limits the message to 20 lines. This could, I suppose, ioctl the
remote terminal and check its actual height. (Assume 20 otherwise.)
It doesn't make sure the input is coming from a tty--maybe it should.
I didn't think of putting in a pause before sending the next 20
lines... This might be useful. I wouldn't actually pause--just record
the time, and make sure that some decent amount of time (like at least
1 sec per line) has passed before sending anything more. Nobody can
actually type that fast anyway. :-)
Steve
ssd at engr.ucf.edu
More information about the Comp.unix.wizards
mailing list