Finding Passwords

Donald Nichols ceilidh!dnichols at uunet.uu.net
Sun Oct 14 05:38:39 AEST 1990 

"Anton Rang says:"
> 
> In article <24752 at adm.BRL.MIL> emsca!usb!poc at sun.com writes:
> >A simpler solution is this: any non-privileged process writing a BEL
> >(Ctrl-G) to the terminal has it duplicated in the tt output queue, i.e.
> >	write (1, "\007", 1);
> >has the effect of
> >	write (1, "\007\007", 2);
> >Privileged processes on the other hand do not suffer this modification.
> 
>   Eesh.  Seems like an even worse hack to me.  For one thing, every
> time the computer beeps at me it'll do it twice now.  More
> importantly, the terminal I'm using at this very instant doesn't
> distinguish a single beep and two beeps in a row, at high baud
> rates....
> 
> 	Anton

	Not only this, it will also mess up anything that is sending binary
data to the terminal (Which may be another computer).

	If a file is being transferred using xmodem protocol (or any of many
others) it will fail when any `007` is doubled, causing the checksum not to
match.  (Even if it is a text file, there is a good chance that the checksum
will be '\007' once in a while.)

	Also, it will mess up graphics going to some devices like a Tek 4014,
or other device that does not use purely printing chars for graphics.  (I
may misremember, but I think that the Tek does not bias the chars
representing plot positions by adding 0x20 to them.)  It will certainly mess
up any raster graphics being sent to something like a HP Laserjet using a
serial port.

	What about cursor positioning sequences on some terminals?

	I'm not sure what kind of data is sent to a terminal running
x-windows or such, since I don't have access to one to play with.

	If it can be turned off by ioctl, it is no good against a trojan,
since the trojan can turn off the behavior, then simualte it as necessary.
If it CAN'T be turned off, it will break the above types of activity.

	This might be practical in a system running only ONE type of
terminal which has been designed or selected to avoid all these pitfalls,
and on which NO ONE may connect anything else.  (This means no dial-in modem
connections either.)

-- 
Donald Nichols (DoN.)		| Voice (Days):	(703) 664-1585
D&D Data			| Voice (Eves):	(703) 938-4564
Disclaimer: from here - None	| Email:	<dnichols at ceilidh.beartrack.com>
	--- Black Holes are where God is dividing by zero ---

More information about the Comp.unix.internals mailing list