Slaying Gould dragon with a wooden hoss

[Daniel R. Levy]

In article <5256 at brl-smoke.ARPA>, gwyn at brl-smoke.ARPA (Doug Gwyn ) writes:
>In article <2481 at phri.UUCP> roy at phri.UUCP (Roy Smith) writes:
>>	Maybe I'm missing something obvious, but why are block-mode
>>terminals a security problem?
>The problem is that these features allow anyone who can transmit
>more-or-less unmolested information to the terminal to force-feed
>input from that terminal, which so far as UNIX knows was typed by
>the logged-in user.  This can be protected against to some degree
>by changing the "write" utility, mail-reading interface, etc. to
>not send ESC and other possibly harmful characters unmapped to the
>terminal.  However, "cat file" can still trip a mine like this.

As a matter of fact, unless the /dev device associated with the
terminal is world-unwriteable (mesg n), simply "cat hacker.file > /dev/console"
is a dangerous possibility for a logged-in-as-root block-mode terminal.  SO
WHAT if "write" is prissy about what it sends? :-)  ("write" is normally not
setuid root anyway, so fixing it to filter out escape sequences wouldn't
help anything that a "mesg n" wouldn't also help.)

I think the big trick with doing it that way (or with mail) would be to do
it so that the person using the terminal notices nothing out of the ordinary
when the dastardly deed actually happens.  Especially with mail, where the
sender of the mail is shown!
-- 
 -------------------------------    Disclaimer:  The views contained herein are
|       dan levy | yvel nad      |  my own and are not at all those of my em-
|         an engihacker @        |  ployer or the administrator of any computer
| at&t computer systems division |  upon which I may hack.
|        skokie, illinois        |
 --------------------------------   Path: ..!{akgua,homxb,ihnp4,ltuxa,mvuxa,
	   go for it!  			allegra,ulysses,vax135}!ttrdc!levy