BSD tty security, part 3: How to Fix It

[Hans-Henrik St{rfeldt]

brnstnd at kramden.acf.nyu.edu (Dan Bernstein) writes:

>(Note that the changes to ``write'' being discussed here are entirely
>optional suggestions; only steps 1-12 are necessary to fix the basic
>problems.)

>In article <12535 at dog.ee.lbl.gov> Jef Poskanzer <jef at well.sf.ca.us> writes:
>> Our version does make control chars visible.  Checking the permissions
>> on the recipient before each line is a good idea.  The rest of your
>> changes are disgusting.

>Well, I'm glad you agree with two of them, but I'd like to ask the net's
>opinion on the other two. Let me split this into three questions:

Another problem pops up, using write with X-windows, it is possible to hide
yourself entirely, from the person you write to. This is done by making a
'non-login-shell' from your mail session (xterm). Then you can write to other
users, who gets following message:

Message from ???@freja on ttyp7 at 10:24 ...
typed message here....
EOF

This, i think is one of the greater problems with write.

--Hans Henrik Staerfeldt

ps. I am a user, not a sysop
-- 
____________________________________________________________
DK_  |  |         Bombman the mad bomber                    |
 // .|{}|         Bombman at freja.diku.dk                     |
/-|  |__|         Hans Henrik Staerfeldt                    |