stty bug + effects

Keith Muller muller at sdccsu3.UUCP
Thu Aug 16 04:08:46 AEST 1984


You can easily protect users from stty 0 and other nasties (like people sending
the output of worms to each other) by using group access control on the user's
tty port.
1) Create a group called something like "term" that has no users in it.
2) Change login to set the mode of the tty to have GROUP write access and turn
   off OTHER access. Also have login set the group of the tty (while login is
   still running as root) to the group "term". (Make sure that login does not
   end up running in group "term" as that would defeat the fix).
3) Change mesg to turn on and off the GROUP write permission leaving OTHER
   permission off.
4) Change programs like finger, write, talkd, ... to understand that GROUP
   write permission means you can write to the user (instead of other).
5) Change write to be setgid to "term" (talk is already setuid root so does
   not have to be changed as talkd determines who can be written to).

This has stopped abuse (we have a large student population on 9 unix machines)
completely.

	Keith Muller
	UCSD Computer Center
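
The permission logic of steps 2 to 4 above, as an added C example that is not part of the original post or of any UCSD code. The gid value 50, the function names, and the check of supplementary groups are assumptions made for illustration.

```c
/* Added example: permission logic for the "term" group scheme.
 * TERM_GID and all function names are hypothetical. */
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>

#define TERM_GID ((gid_t)50)   /* assumed gid of the empty group "term" */

/* Step 2: mode login gives the tty: owner read/write, GROUP write, no OTHER. */
mode_t login_tty_mode(void)
{
    return S_IRUSR | S_IWUSR | S_IWGRP;                  /* 0620 */
}

/* Step 3: mesg y/n flips only GROUP write and always leaves OTHER off. */
mode_t mesg_mode(mode_t mode, int allow)
{
    mode &= ~(mode_t)(S_IRWXO | S_IWGRP);
    return allow ? (mode | S_IWGRP) : mode;
}

/* Step 4: the test write/finger/talkd make instead of looking at OTHER write.
 * Pass st_mode and st_gid from stat(2) on the target tty. */
int accepts_messages(mode_t mode, gid_t tty_gid, gid_t term_gid)
{
    if (tty_gid != term_gid)     /* login did not hand the tty to "term" */
        return 0;
    if (mode & S_IRWXO)          /* OTHER access still on: scheme not applied */
        return 0;
    return (mode & S_IWGRP) != 0;
}

/* Step 2 caveat: the user's session must not itself be in group "term". */
int session_is_safe(gid_t egid, const gid_t *groups, int ngroups, gid_t term_gid)
{
    if (egid == term_gid) return 0;
    for (int i = 0; i < ngroups; i++)
        if (groups[i] == term_gid) return 0;
    return 1;
}

int main(void)
{
    mode_t m = login_tty_mode();                 /* constructed sample tty */
    printf("after login:  %d\n", accepts_messages(m, TERM_GID, TERM_GID));
    m = mesg_mode(m, 0);
    printf("after mesg n: %d\n", accepts_messages(m, TERM_GID, TERM_GID));
    return 0;
}
```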


