TIOCCDTR (bug|feature)
WrongLogin at erewhon.UUCP
WrongLogin at erewhon.UUCP
Sat Jun 18 08:09:37 AEST 1983
I'm going to echo Kenneth Almquist's comment that we shouldn't hack
the terminal drivers to prevent one user from stty'ing another
user's writable terminal when escape sequences are just as bad.
Two years ago, there was a discovery at Berkeley that the press
mangled into "Nasty college students find HUGE security hole in
UNIX" (The "UNIX" being a computer made by DEC.)
What really happened was a rediscovery of the fact that many
computer terminals respond to escape sequences. On an HP terminal,
a escape sequence will cause the terminal to echo whatever is
currently on the screen, and the computer or course assumes that
this was typed by the user. Thus you could write:
stty 0 <magic-escape-sequence>
onto somebody's terminal, and zap him/her just as badly.
(For that matter, there is a "Disconnect Modem" sequence that will
do the same job much faster. I once had a good game of rogue
interrupted by someone who had been discussing UNIX security with
me.)
Ann Nonymous @ erewhon
More information about the Comp.bugs.4bsd.ucb-fixes
mailing list