Why 4BSD 'stty' uses stdout instead of stdin
gwyn at brl-tgr.UUCP
gwyn at brl-tgr.UUCP
Wed Aug 22 01:49:54 AEST 1984
Relay-Version: version B 2.10 5/3/83 based; site houxm.UUCP
Posting-Version: version B 2.10.1 6/24/83; site brl-tgr.ARPA
Message-ID: <4139 at brl-tgr.ARPA>
Date: Tue, 21-Aug-84 11:49:54 EDT
Date-Received: Tue, 28-Aug-84 06:15:09 EDT
tty' uses stdout instead of stdin
Organization: Ballistics Research Lab
Lines: 16
Ioctl() is not the only problem; consider
cat /unix >/dev/tty01
where some fool has left his terminal (/dev/tty01) writable to the world.
Worse yet, send him a character sequence like
HOME CR LF cd; find . -exec chmod 777 {} \; &
CLEAR_TO_END_OF_SCREEN HOME DUMP_SCREEN CLEAR
(using the appropriate codes for his terminal type) and you will get him
to chmod all his files so you can play with them. Short of refusing to
purchase terminals with a DUMP_SCREEN feature (or programmable function
keys that can be both programmed and played back under computer control),
the only way to avoid this security bug (which could be REALLY bad if the
victim is super-user at the time) is to prevent writes on terminals by
other users except via trusted system code.
When a user is not logged in, the terminal can be writable. This is
handy for daisy-wheel printers, for example.
More information about the Net.bugs
mailing list