Failure of iswind()

Tom Tkacik tkacik at kyzyl.mi.org
Mon May 27 21:22:20 AEST 1991


In article <1991May24.203238.7990 at sci.ccny.cuny.edu> jeffrey at sci.ccny.cuny.edu (Jeffrey L Bromberger) writes:
>Just for fun, I tried the following command from my VAX to my
>ethernet'ted 3b1:
>
>% rsh notvax /usr/games/klondike
>
>Now, considering the fact that I'm not logged in on the console, this
>should fail.  This game, like many others, uses iswind() to see if I'm
>on the bitmapped screen.  The logic should stop me if I'm not.
>But, it doesn't!  It overwrites the console display (without regard as
>to what or who is going on) with the game screen!

I wrote klondike, and have been told about (and verified)
this problem.  I have been looking into it, and discovered that it is
a problem only with properly written programs (no :-).
Not having any serial or ethernet connections, I have not worried about
it too much.

>Any idea why all these games (klondike/mahjongg/rocks/bugs) all have
>this behavior?  Is it only seen when using the ethernet package?  Does
>this happen if someone dials in via the OBM?  Is iswind() just plain
>drain-bamaged?

The problem is with the way winit(), iswind(), and wcreate() work together.
Wcreate() seems to return the parent window first, so that when it is changed
and the program quits, the parent is permanently changed.
This is fine only if the program is running from the UA, as the UA
always gives the new application a fresh window to play with.

I think that any program that changes the parent window is being rude, so
all of my programs first close file descriptors 0, 1, and 2, and then
open /dev/window to get a fresh window.  Now that a true window has
been opened, iswind() says everything is ok.

The fix is to write my own iswind() routine that I can call before playing
with the file descriptors (the current one can only be called after calling
winit(), which must be called after opening a new window).

When most machines were standalone (as mine still is), it did not
matter much whether iswind() worked.  But now that there are 3b1's being
networked or having serial connections, I guess it's time to write my own
iswind(), and patch to klondike, mahjongg, etc. once and for all.

>Isn't this some bizarre sort of security hole?!?

Iswind() is not the security hole; it merely shows that there is a problem.
Any application can open /dev/window and get a fresh window on the console.
I do not think that there is any way to prevent it.
-- 
Tom Tkacik                |
tkacik at kyzyl.mi.org       |     To rent this space, call 1-800-555-QUIP.
...!rphroy!kyzyl!tkacik   |
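
Added example, not part of the original post and not code from klondike: a portable C model of the ordering problem described above, where a check made after the descriptors are swapped for a fresh device always passes, while the same check made on the inherited descriptor refuses a remote caller. Assumptions: is_console_like() is a hypothetical stand-in for iswind(), /dev/null stands in for /dev/window, and a pipe stands in for the stdin that rsh hands to the command; no 3b1 library calls are used.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical stand-in for iswind(): is fd a character device? */
static int is_console_like(int fd) {
    struct stat st;
    return fstat(fd, &st) == 0 && S_ISCHR(st.st_mode);
}

/* Close the inherited descriptor and open a fresh device in its place.
   /dev/null is the constructed stand-in for /dev/window. */
static int open_fresh(int *fd) {
    close(*fd);
    *fd = open("/dev/null", O_RDWR);
    return *fd < 0 ? -1 : 0;
}

/* Swap first, check second: the check only ever sees the fresh device. */
int start_check_after(int fd) {
    if (open_fresh(&fd) != 0) return -1;
    int ok = is_console_like(fd);
    close(fd);
    return ok;
}

/* Check the inherited descriptor first; refuse before touching anything. */
int start_check_before(int fd) {
    if (!is_console_like(fd)) { close(fd); return 0; }
    if (open_fresh(&fd) != 0) return -1;
    close(fd);
    return 1;
}

/* Constructed input: a pipe models the stdin a remote shell hands over. */
int remote_stdin(void) {
    int p[2];
    if (pipe(p) != 0) return -1;
    close(p[1]);
    return p[0];
}

int main(void) {
    printf("check after swap:  %d\n", start_check_after(remote_stdin()));
    printf("check before swap: %d\n", start_check_before(remote_stdin()));
    return 0;
}
```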


