stty bug + effects
P McFerrin
mcferrin at inuxc.UUCP
Thu Aug 16 06:16:44 AEST 1984
>From ihnp4!mgnetp!burl!clyde!watmath!utzoo!linus!philabs!sbcs!bnl!piggott Sun Aug 12 17:59:18 1984
>From: piggott at bnl.UUCP (Christopher Piggott)
>Newsgroups: net.bugs,net.bugs.4bsd
>Subject: stty bug + effects
>Article-I.D.: bnl.571
>Posted: Sun Aug 12 17:59:18 1984
>
> Forgive me if this is already understood, but being able to read the
>terminal settings of another's terminal also means that you can set some
>of those definitions for them - including the famous 'stty 0' - and force
>another's terminal to do funny things to them....
> Does anybody know of any way to protect themselves against this other
>than the 'mesg n' which disallows ANY writing to your device?
>
>(piggott at bnl for replies + comments)
>
>
I wasn't going to be the first one to let the 'cat' out of the bag!!
But now the rest of the world knows how to hang up another person, I would
expect that more people are going to disallow writes to their terminal.
By allowing write permissions to your tty device, one can definitely hang
you up or do screwy things to your terminal (e.g. no echo or raw).
I know of no other way to protect youself other than removing write
permissions by others. If you use group ids on your system, you can permit
writes by other persons in your group by assuming that your group members
are friendly co-workers. Allowing write permissions to your terminal can
be dangerous if your terminal is capable of block-mode transmissions that
can be initiated from the host.
A possible solution would to to rework the write(1) command that would
use some other harmless bit in the mode of the tty device. There is however
an impact on other commands (e.g. nroff).
More information about the Net.bugs
mailing list