[1599] in bugtraq
Re: SUMMARY: AntiFlash talkd
daemon@ATHENA.MIT.EDU (Aleph One)
Mon Apr 24 19:29:23 1995
Date: Mon, 24 Apr 1995 15:50:20 -0500 (CDT)
From: Aleph One <aleph1@dfw.net>
To: Richard Allen <ra@rhi.hi.is>
Cc: bugtraq@fc.net
In-Reply-To: <199504241103.LAA08203@strympa.rhi.hi.is>
Be aware that there was a bug in the antiflash hate mail talkd
where any command could be run as the id talkd was running under.
I dont recall if this was discussed here, but it was in linux-security.
Basicly the program uses a system call (*sic*) to send the hate mail. It
does not check the address its mailing to and it could be a string such as
satan@bi.fish.com;echo "Satan has back" > /vmlinux
well you get the idea... 8)
"Use to source Luke"
On Mon, 24 Apr 1995, Richard Allen wrote:
>
> I have recived quite alot of mail regarding my request for a talk daemon
> that can remove those annoying flashes. Apparently this is a hot issue,
> many people sent me Email saying that they where interested in this matter.
>
>
> Here are the most interesting replys I have recived so far.
>
> sameer <sameer@c2.org> wrote:
>
> > I hacked up ntalkd to make flashes useless. (It just checks to
> > see if every character works in isprint() -- if not then it prints -
> > instead of thata character..) I also hacked ntalkd to do filtering
> > based on remote user and remote site. (Controlled by a file
> > ~/.talkdrc)
> > I couldn't find source to talkd which would work thogh so I
> > couldn't hack talkd. Only ntalkd.
> > It didn't do logging of flashes.
>
>
>
> "Martin J. Laubach" <mjl@CSlab.tuwien.ac.at> wrote:
>
> > I have overhauled a linux talkd to filter control characters
> > and log such occurences. It also checks for the calling host
> > in the talk packet being the same as the host the packet came
> > from and yell if they don't match as well.
> >
> > It works on OSF/1, probably linux with little modifications.
> >
> > mjl
>
>
> "James M. Golovich" <statik@squeaky.free.org> wrote:
>
> > I dont know about for any other operating systems, but for linux, someone
> > wrote or edited a talkd that filters them.. You can ftp it from
> > sunsite.unc.edu, it is /pub/Linux/system/Network/chat/talkd.bomb_proof.tgz
> > I believe there was the source in there.. I am currently running it.. it
> > logs them to your syslog like this:
> > Apr 19 22:19:26 whitehouse talkd[4694]: blocked
> > VT100 BOMB to user: static (apparently from: localhost)
> >
> > I ran flash localy to the user static..
> >
> > hope this helped
>
>
>
> Shortly after I sent my request to bugtraq, I got an idea to look around
> on my local Linux mirror and found "talkd+antiflash+hatemail.tar.gz"
> which basicly filters out flashes and then sends automatic 'hatemail' to
> root@remote.site
>
> However, I ran into problems compiling it on our HP9000's, Linux
> apparently has a '<protocols/talkd.h>' in it's system includes.
>
> Best regards,
> Richard Allen
> --
> #include <std/sig.h>
>
