Security fixes for smart terminals
utzoo!decvax!ucbvax!ihnss!houxi!npois!harpo!cbosg!teklabs!tekmdp!grahamr
Wed Mar 10 14:02:18 AEST 1982
The problem is sending ARBITRARY data upon request FROM the
system. It doesn't include sending the terminal type--if it's in rom
or given at the keyboard--or sending the cursor position. Several
fixes come to mind, from a switch that turns off these features to a
keyboard- or rom-defined prefix for such transmissions. It's clear
that the problem is in the terminal. Any software solutions are
probably full of holes. Anybody have a PROM scrambler?

"mesg n" prevents opening, not writing. All that's needed is
to complete the open call before "mesg" runs. Letter bombs are also a
problem. My terminal has a keyboard lock feature. It's easy to send a
letter that locks my keyboard while it does its dirty work. I think
there's a "reset" button I can hit, but I probably won't hit it quick
enough. Besides, it can be reprogrammed!

A kludge for MH systems to get around the letter bomb problem
is to have "l" rewritten as something like:

    cat $* | sed -n l

This might be done on a per-user basis if show used execvp. It doesn't.
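
The filter described above, as an added example that is not part of the original post: it counts the control bytes in a message and, when any are present, displays the message through `sed -n l` so the terminal only ever receives printable characters. The function names and the sample message are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Constructed sample: a mail message whose body carries terminal control bytes.
# ESC[7m / ESC[0m (reverse video on/off) and BEL stand in for whatever
# sequence a sender might embed.
sample_message() {
    printf 'From: someone\nSubject: hello\n\n'
    printf 'Body: \033[7mreverse\033[0m\007\n'
}

# Count bytes that are neither printable ASCII, newline nor tab.
count_ctrl() {
    LC_ALL=C tr -d '\011\012\040-\176' | wc -c
}

# Same idea as the post's "cat $* | sed -n l": sed's "l" command writes each
# line with non-printing bytes as escapes (\033, \a, ...) and a trailing "$",
# so nothing in the message is interpreted by the terminal.
safe_show() {
    cat -- "$@" | LC_ALL=C sed -n l
}

# Show files (or stdin) directly when clean, escaped with a warning otherwise.
show_msg() {
    tmp=$(mktemp) || return 1
    cat -- "$@" > "$tmp"
    n=$(count_ctrl < "$tmp")
    if [ "$n" -gt 0 ]; then
        echo "warning: $n control byte(s) found, showing escaped" >&2
        safe_show "$tmp"
    else
        cat "$tmp"
    fi
    rm -f "$tmp"
}

# Demonstration on the constructed sample.
sample_message | show_msg
```
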