BSD tty security, part 3: How to Fix It
Peter Langston
psl at segue.segue.com
Mon Apr 29 10:30:27 AEST 1991
In article <12535 at dog.ee.lbl.gov> Jef Poskanzer <jef at well.sf.ca.us> writes:
>In the referenced message, brnstnd at kramden.acf.nyu.edu (Dan Bernstein) wrote:
>}13. Fix write. Many people don't appreciate how poor write's security
>}is; I quote from my pty paper's description of a write clone:
>}: ... blah, blah ...
>}code from it. Don't even give me any credit, just fix the bugs. Please.
>
>As the co-author of the current BSD write, I can respond to this.
>Our version does make control chars visible. Checking the permissions
>on the recipient before each line is a good idea. The rest of your
>changes are disgusting.
Jef is being too kind. Agreed, the rest of the changes are disgusting in
their protect-the-user-from-her/himself presumption, but checking the
permissions on the recipient before each line is NOT such a good idea.
As it stands now, you can allow write access long enough for a friend to
initiate a write(1) and then turn off write access and discourage any other
interruption, (i.e. you can discriminate among users temporally).
Changing write to do continued checking of write permission would only
further frustrate users attempts to control their own environments.
It is hard to believe that the write program is the best place to solve the
problems of antisocial behaviour in one's community...
More information about the Comp.unix.wizards
mailing list