BSD tty security, part 3: How to Fix It
Wes Peters
wes at harem.clydeunix.com
Fri May 3 04:55:27 AEST 1991
In article <15896:Apr2714:35:3991 at kramden.acf.nyu.edu> brnstnd at kramden.acf.nyu.edu (Dan Bernstein) writes:
> 3. Do people think it's a problem that ``write'' can flood a terminal
> with output before the recipient has a chance to react? My version
> limits output to 500 characters per line and one line a second. Does
> anyone think that this affects legitimate uses of ``write''? If not, is
> there any harm in adding the protection against accidents and abuse?
I think write should reject any input not from a terminal:
if (!isatty(fileno(stdin))) {
fprintf(stderr, "write: input must be a terminal!\n");
exit(-1);
}
I know this will take care of 'cat longfile | write sucker', but does it
also take care of a 'here is' document (i.e. shell << document)?
Wes Peters
--
#include <std/disclaimer.h> The worst day sailing
My opinions, your screen. is much better than
Raxco had nothing to do with this! the best day at work.
Wes Peters: wes at harem.clydeunix.com ...!sun!unislc!harem!wes
More information about the Comp.unix.wizards
mailing list