Amazing Maze is amazing

Lenny Tropiano lenny at icus.islp.ny.us
Mon Oct 24 15:01:51 AEST 1988


In article <117 at ureka.UUCP> charlie at ureka.UUCP (charlie crassi) writes:
|>
|>I had a new user to ureka call me when his terminal got hung up. What I found
|>I could not explain so I hope perhaps Lenny, John, or some other UNIX-PC jock
|>can assist.
|>
UNIX PC jock, I guess that's a compliment (Thanks) ;-) 

|>Nobody was logged in at the console, and Duane had called in on his IBM PC
|>clone running Procomm version ?? in the VT100 emulator mode.
|>
|>He called up the User Agent (bad no no) and selected Toybox. In Toybox he 
|>called up Hic's Amazing Maze from THE STORE. At this point, his terminal 
|>locked up and Amazing Maze fired up on the Console with nobody logged in. 
|>However, it only painted the first 2 screens and stayed in the 3D Maze 
|>entrance accepting NO keyboard input.
|>
Well firstly calling up the User Agent from a remote terminal is valid
(although I don't particularly condone users running the user agent [one
of the major security holes on the unix-pc]).  The bad part was Duane called
up Hic's Amazing Maze program that will *only* work on a bit-mapped
screen (i.e. unix-pc console);  that was the bad no no.

|>My questions are:
|>
|>1) How did this get started up on w1 ? It was running with a uid of 0.
|>
Well if you look at /usr/lib/ua/Toybox you will see an entry with:

Name=Amazing Maze
Default=Run
Run=EXEC -pwd /usr/games/Amazing
          ^^^

The reason why it was running on w1 was /usr/games/Amazing opens up /dev/window
to do all the bit-mapped screen handling.  The reason it was uid 0 was because
of the "p" option in the EXEC statement.   If you look in the ua(4) in the
User's Manual you will see the explanation of the -p option to EXEC.  

	"-p	Run the process with superuser privileges"

This is the biggest security flaw the user agent has to offer...

|>2) Why did it disable both terminals ?
|>
Well it really didn't disable your console, you could have probably switched
back to the window the getty was running on and logged in fine [this I'm
not sure of but in theory it should work ???]  As for his terminal, it was
feeding the input to the game.  It's kinda weird cause I did this once
at work.  I was able to make the moves on the remote terminal and see
the results on the unix-pc screen.  If he hit the escape sequence for "EXIT"
it might have fixed both screens!

Stay away from programs that use the bitmapped window capabilities of
the UNIX PC on remote terminals.

I hope this sheds some light on your problem.
-Lenny
-- 
Lenny Tropiano             ICUS Software Systems         [w] +1 (516) 582-5525
lenny at icus.islp.ny.us      Telex; 154232428 ICUS         [h] +1 (516) 968-8576
{talcott,decuac,boulder,hombre,pacbell,sbcs}!icus!lenny  attmail!icus!lenny
        ICUS Software Systems -- PO Box 1; Islip Terrace, NY  11752
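
An audit for the EXEC -p issue described in the message above, as an added example that is not part of the original post: it scans User Agent menu files such as /usr/lib/ua/Toybox and lists every entry whose Run=EXEC line carries the p option. The function names, the second sample entry (the option string from the post with the p dropped) and the assumption that option groups precede the command path are assumptions, not taken from ua(4).

```shell
# audit_ua_exec FILE...: print "file:name:command" for every User Agent menu
# entry whose Run=EXEC line carries the p (superuser) option.
# Assumption: an entry is a Name= line followed by key=value lines, as in the
# Toybox excerpt quoted in the post; other ua(4) syntax is not handled.
audit_ua_exec() {
    awk '
        /^Name=/ { name = substr($0, 6); next }
        $1 == "Run=EXEC" {
            priv = 0
            # Leading fields that start with "-" are treated as option groups.
            for (i = 2; i <= NF && $i ~ /^-/; i++)
                if ($i ~ /p/) priv = 1
            # Whatever follows the options is the command that gets run.
            cmd = ""
            while (i <= NF) { cmd = cmd (cmd == "" ? "" : " ") $i; i++ }
            if (priv) printf "%s:%s:%s\n", FILENAME, name, cmd
        }
    ' "$@"
}

# Constructed sample: the Toybox entry from the post plus one hypothetical
# entry (made-up name and path) whose option string has no p.
ua_sample() {
    cat <<'EOF'
Name=Amazing Maze
Default=Run
Run=EXEC -pwd /usr/games/Amazing

Name=Example Game
Default=Run
Run=EXEC -wd /usr/games/example
EOF
}

# Demo: audit the sample from a temp file, show it under the name Toybox.
ua_demo() {
    tmp=${TMPDIR:-/tmp}/Toybox.$$
    ua_sample > "$tmp"
    audit_ua_exec "$tmp" | sed "s|^$tmp|Toybox|"
    rm -f "$tmp"
}
ua_demo
```

On a real system the function would be pointed at the menu files themselves, for example `audit_ua_exec /usr/lib/ua/Toybox`, and each reported command reviewed for whether it needs to run as uid 0.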


