'stty', 'write', 'mail', 'readnews', et al.
Henry A. Strickland
strick at gatech.UUCP
Mon Sep 3 10:59:05 AEST 1984
> Ioctl() is not the only problem; consider
> cat /unix >/dev/tty01
> where some fool has left his terminal (/dev/tty01) writable to the world.
> Worse yet, send him a character sequence like
> HOME CR LF cd; find . -exec chmod 777 {} \; &
> CLEAR_TO_END_OF_SCREEN HOME DUMP_SCREEN CLEAR
> (using the appropriate codes for his terminal type) and you will get him
> to chmod all his files so you can play with them.
If the above can work if 'write'ing or 'cat'ing to a /dev/tty*,
wouldn't it also work if you mailed it to someone, or posted it
to net.general? I tried mailing myself a string of control characters,
and 'mail' unquestioningly sent them to my terminal.
I have seen manuals containing FF characters come across 'readnews'.
Do other systems filter these out, or are we all vulnerable?
I keep 'mesg y', and don't consider myself a fool. I also don't filter
control characters out of my 'mail' or 'readnews'. I would send you
all a control-g in this message as a test, but I could imagine people
who post propaganda to net.general putting FFs and BELs in their messages
as attention grabbers, and I think it would be a terrible precedent.
I'll offer a free net.stonehenge subscription for whoever can bring down
every machine on the net first . . .
--
the clouds project henry strickland
school of ics / ga tech
atlanta ga 30332 { akgua allegra hplabs ihnp4 }!gatech!strick
More information about the Net.bugs
mailing list