Acbosgd.2105
net.followup
utcsrgv!utzoo!decvax!ucbvax!ihnss!houxi!houxf!houxe!lime!vax135!harpo!cbosg!cbosgd!mark
Thu Mar 11 09:41:40 1982
Re: On telling people not to crack security
Come on, folks, it can't be THAT hard to fix your UNIX to disallow the
block transmit hook!  Here is a proposed fix - refinements are welcome.

Modify the /bin/mail (or /etc/delivermail), write, and wall programs
to remove all non-printing non-space characters from their input
(e.g. keep all isprint, isspace, ' ', and '\08' chars).

Change the default mode of terminals from 644 to 600.  This requires a
different convention for mesg - I propose turning on the owner xqt bit
means mesg n.  Change write and wall to understand this.

write and wall must be made suid, with the appropriate careful check for
shell ! escapes.

Note that UNIX is more vulnerable to this bug than most systems because
other people's tty's are by default writable.  There are other systems
that don't even have a notion of what the other guy's tty is.

The solution of not buying any terminal with remote transmit for super
users is downright stupid.  The very guys who are going to be super
users are the ones that expect the most from their terminals, and to
get a terminal WITHOUT that feature you probably have to settle for
something stupid like an adm3a or tty 33.  I know what I'D say if
they gave me a choice between a reasonable terminal and the root password.

       Mark Horton

-----------------------------------------------------------------
gopher://quux.org/ conversion by John Goerzen <[email protected]>
of http://communication.ucsd.edu/A-News/


This Usenet Oldnews Archive
article may be copied and distributed freely, provided:

1. There is no money collected for the text(s) of the articles.

2. The following notice remains appended to each copy:

The Usenet Oldnews Archive: Compilation Copyright (C) 1981, 1996
Bruce Jones, Henry Spencer, David Wiseman.