Atekmdp.1119
net.unix-wizards
utcsrgv!utzoo!decvax!ucbvax!ihnss!houxi!npois!harpo!cbosg!teklabs!tekmdp!grahamr
Wed Mar 10 14:02:18 1982
Security fixes for smart terminals
       The problem is sending ARBITRARY data upon request FROM the
system.  It doesn't include sending the terminal type--if it's in rom
or given at the keyboard--or sending the cursor position.  Several
fixes come to mind, from a switch that turns off these features to a
keyboard- or rom-defined prefix for such transmissions.  It's clear
that the problem is in the terminal.  Any software solutions are
probably full of holes.  Anybody have a PROM scrambler?
       "mesg n" prevents opening, not writing.  All that's needed is
to complete the open call before "mesg" runs.  Letter bombs are also a
problem.  My terminal has a keyboard lock feature.  It's easy to send a
letter that locks my keyboard while it does its dirty work.  I think
there's a "reset" button I can hit, but I probably won't hit it quick
enough.  Besides, it can be reprogrammed!
       A kludge for MH systems to get around the letter bomb problem
is to have "l" rewritten as something like:
               cat $* | sed -n l
This might be done on a per-user basis if show used execvp.  It doesn't.

-----------------------------------------------------------------
gopher://quux.org/ conversion by John Goerzen <[email protected]>
of http://communication.ucsd.edu/A-News/


This Usenet Oldnews Archive
article may be copied and distributed freely, provided:

1. There is no money collected for the text(s) of the articles.

2. The following notice remains appended to each copy:

The Usenet Oldnews Archive: Compilation Copyright (C) 1981, 1996
Bruce Jones, Henry Spencer, David Wiseman.

You are viewing proxied material from infinitelyremote.com. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.