Preventing Idle in telnet, security, and bg.

Kartik Subbarao subbarao at phoenix.Princeton.EDU
Sat Sep 29 01:40:06 AEST 1990 

In article <DAVIS.90Sep28015809 at pacific.mps.ohio-state.edu> davis at pacific.mps.ohio-state.edu  (John E. Davis) writes:
>Hi,
>
>   I have a vt320 that I use all the time.  When I logon to our system, I
>start up a process in the background that sleeps for a minute, checks my
>mailbox for newmail then just before going back to sleep, it sends the time
>and number of mail messages to my vt320 status line.  It has worked fine so
>far with no problems.
>
>   However, sometimes I forget to kill it before I logout.  I was wondering
>what is the best way to put it into the background so that when I logout, it
>dies?  I wrote the program in c, if this helps.

There are a few ways for doing this -- one is to use sh (yuk),
another is to get the program "hup" (for csh like shells). hup will simply
kill the process upon logout. A third is to get the PID of the program 
and then just kill -9 PID in .logout. (There are many posted ways of 
killing daemons).

>   A friend of mine once told me that when he logged on, it started writing to
>his terminal.  Apparantly, I was once attached to that tty and left it
>executing when I logged out.  I really do not understand this particular
>occurence at all.  Perhaps some kind soul will tell me what happened.

Well - that's simple enough. If you run a program, and then log out (in csh
and the normal world) -- it can still run. If it had opened the tty to 
write to it, under most systems it still is allowed to write to the tty
afterwards. I'm sure that Dan Bernstein will attest that his pty program can
stop that from happening...anyway, if the process can write to the tty, then
it can put whatever it wants on it.

>On another subject,  One person on our system has in his home directory an
>executable file called 'ls'.  Here it is:
>
>#! /bin/sh
>/bin/ls -FC
>echo `whoami` `hostname` `tty`  `date` >> public/log
>exit 0
>
>What happens, is if someone steps into this directory and types 'ls' this
>thing takes his picture.  In principle, he could add a few more lines to copy
>and delete mail, etc...  Although this 'ls' is harmless, it is conceivable
>that great damage could have been done. Is this considered a security problem?
>I do not advocate snooping around the system, however if one is new as I am to
>the unix world, then one can benifit by seeing what other people have.  For
>example, by looking in other .emacs files, I learned alot of things about
>setting up the arrow keys for my terminal.  

Besides, isn't any file with world
>read access considered to be in the public domain? 

But his directory could be mode 711, that is, you couldn't ls the directory
but only ls specific files.

You know, the sad thing about this is I actually HAD an ls script in my home
directory that was a really really SAD attempt to do what you say. (Good thing
I wisened up FAST). There are only TWO ways that the ls script would ever
be executed:

a) If the person is such a fool and has "." as the first element of their path
   (and/or doesn't alias his commands). Then obviously ANY command that has
   the same name in that directory would be executed

b) If the person WANTED to see if a ./ls existed and specified that.

either way, it's a really sad thing to do.

If you have the right path, then there is no harm in snooping. Heck, about the 
only way TO learn is BY snooping around. I don't know how many countless
.cshrc's, .login's, .mailrc's etc I've read when I was learning how to use
UNIX. Have fun.


			-Kartik



			


(I need a new .signature -- any suggestions?)
subbarao@{phoenix or gauguin}.Princeton.EDU -|Internet
kartik at silvertone.Princeton.EDU (NeXT mail)       -|	
SUBBARAO at PUCC.BITNET			          - Bitnet

More information about the Comp.unix.questions mailing list