stty bug + effects

Ron Christian ron at wjvax.UUCP
Tue Aug 28 07:08:07 AEST 1984 

()

***
>From: piggott at bnl.UUCP (Christopher Piggott):

>Here is the way that I keep myself protected from the "stty 0 > /dev/ttyxx"'s
>of this world....

>First, an automatic "mesg n" in my .profile.  If somebody wants to page me
>for "talk", "write", or whatever, then tough.  They'll send it through
>MAIL first if it's important enough.

*******
Well, this seems paranoid to me.  As well as having an important hole if
you use a VT100.  That is, a competant Terminal Warrior can get around
a 'mesg n' with a little fiddling.  Mail, also, is not really a valid
replacement for talk or write unless you have 'biff' set, which is leaving
yourself open again.  I wonder if you miss phone calls if you're on a remote
terminal.
*******

>Second, if I wish to 'talk' with someone, I don't just use regular 'talk'
>or 'write'.  I use this simple shell script, named "xtalk", in my directory.

>(sleep 20;mesg n;echo -n "*")&
>mesg y
>talk $1

>And that takes care of things....

***
Unless the person you want to talk to also has 'mesg n' set.  What
do you do then?  The basic premise seems to be that you are the only
one that needs protection, not your co-workers.

Awhile ago, when terminal wars hits were flying hither and yon, 
everyone had 'mesg n' in his/her .login.  As I mentioned, there
are ways to circumnavigate this with preparation.  So the only
effect was that no one could contact any one else for legitimate
means.  Foolish.  We tried some things, like a 'talk' that auto-
matically hammered open the person's tty, but someone thought
this might 'leave him open' so ran a script in the background
that checked message bit and took appropriate action...

Did you know that you can send those funny escape sequences through
4.1 'talk' if you type them in verbatum?

There was also a race by a couple of people to aquire the su
password (password stealing programs, or careful attention
to unattended terminals) in order to break through someone
else's protection.  Real damage was done in the process.

Anyway, the load average was climbing, and things were rapidly
getting out of hand, so a message was handed down from above:
"Cut this f***** crap out or lose your password."

And THAT is the ONLY way you are going to stop this stuff.  For
every protection scheme there are a dozen ways to crack it.  And
individual protection schemes only provide a challange to folks
who go in for this sort of thing.
-- 

	"Trivia is important."		Ron Christian
					Watkins-Johnson Co.
					San Jose, Calif.
					(...ios!wjvax!ron)

More information about the Net.bugs mailing list