BSD tty security, part 3: How to Fix It
Jef Poskanzer
jef at ee.lbl.gov
Sat Apr 27 02:48:30 AEST 1991
In the referenced message, brnstnd at kramden.acf.nyu.edu (Dan Bernstein) wrote:
}13. Fix write. Many people don't appreciate how poor write's security
}is; I quote from my pty paper's description of a write clone:
}: Finally, write is a vastly improved clone. The old write had several big
}: security holes: 1. Control characters were passed through. This version
}: converts anything unprintable into a caret. 2. Lines were not
}: distinctively marked. A user could manually simulate the ``EOT'' or
}: ``EOF'' sequence, wait a few minutes, then start sending anything to the
}: other tty without identification. This version precedes each line with
}: the name of the sending user, and prints something more informative than
}: EOT for an ended message. 3. write could be used to flood a terminal.
}: (This is an accident waiting to happen.) This version puts a one-second
}: pause between each line and restricts line length. 4. Originally, write
}: would only check the protection on the tty being written to. But this
}: meant that a user could be interrupted by someone hiding behind mesg n
}: and have no recourse. (Footnote: Remember that UNIX has no enforce()
}: call to enforce new permissions on an object. Setting mesg n does not
}: stop a write in progress.) So many versions of write included
}: ``revenge'': X was allowed to write to Y only if Y could write back.
}: However, these versions tested tty protection only at the beginning of a
}: message---which was useless. This version does the correct test: it
}: simply checks write permission before sending each new line.
}My write clone is public-domain, so I invite you---I beg you---to steal
}code from it. Don't even give me any credit, just fix the bugs. Please.
As the co-author of the current BSD write, I can respond to this.
Our version does make control chars visible. Checking the permissions
on the recipient before each line is a good idea. The rest of your
changes are disgusting.
---
Jef
Jef Poskanzer jef at well.sf.ca.us {apple, ucbvax, hplabs}!well!jef
"In my poor, lean, lank face nobody has ever seen that any cabbages
were sprouting out." -- Abraham Lincoln
More information about the Comp.unix.wizards
mailing list