Amazing Maze is amazing
Lenny Tropiano
lenny at icus.islp.ny.us
Mon Oct 24 15:01:51 AEST 1988
In article <117 at ureka.UUCP> charlie at ureka.UUCP (charlie crassi) writes:
|>
|>I had a new user to ureka call me when his terminal got hung up. What I found
|>I could not explain so I hope perhaps Lenny, John, or some other UNIX-PC jock
|>can assist.
|>
UNIX PC jock, I guess that's a complement (Thanks) ;-)
|>Nobody was logged in at the console, and Duane had called in on his IBM PC
|>clone running Procomm version ?? in the VT100 emulator mode.
|>
|>He called up the User Agent (bad no no) and selected Toybox. In Toybox he
|>called up Hic's Amazing Maze from THE STORE. At this point, his terminal
|>locked up and Amazing Maze fired up on the Console with nobody logged in.
|>However, it only painted the first 2 screens and stayed in the 3D Maze
|>entrance accepting NO keyboard input.
|>
Well firstly calling up the User Agent from a remote terminal is valid
(although I don't particularly condone users running the user agent [one
of the major security holes on the unix-pc]) The bad part was Duane called
up Hic's Amazing Maze program that will *only* work on a bit-mapped
screen (ie. unix-pc console), that was the bad no no.
|>My questions are:
|>
|>1) How did this get started up on w1 ? It was running with a uid of 0.
|>
Well if you look at /usr/lib/ua/Toybox you will see an entry with:
Name=Amazing Maze
Default=Run
Run=EXEC -pwd /usr/games/Amazing
^^^
The reason why it was running on w1 was /usr/games/Amazing opens up /dev/window
to do all the bit-mapped screen handling. The reason it was uid 0 was because
of the "p" option in the EXEC statement. If you look in the ua(4) in the
User's Manual you will see the explanation of the -p option to EXEC.
"-p Run the process with superuser privileges"
This is the biggest security flaw the user agent has to offer...
|>2) Why did it disable both terminals ?
|>
Well it really didn't disable your console, you could have probably switched
back to the window the getty was running on and logged in fine [this I'm
not sure of but in theory it should work ???] As for his terminal, it was
feeding the input to the game. It's kinda weird cause I did this once
at work. I was able to make the moves on the remote terminal and see
the results on the unix-pc screen. If he hit the escape sequence for "EXIT"
it might have fixed both screens!
Stay away from programs that use the bitmapped window capabilities of
the UNIX PC on remote terminals.
I hope this sheds some light on your problem.
-Lenny
--
Lenny Tropiano ICUS Software Systems [w] +1 (516) 582-5525
lenny at icus.islp.ny.us Telex; 154232428 ICUS [h] +1 (516) 968-8576
{talcott,decuac,boulder,hombre,pacbell,sbcs}!icus!lenny attmail!icus!lenny
ICUS Software Systems -- PO Box 1; Islip Terrace, NY 11752
More information about the Unix-pc.bugs
mailing list