[4551] in bugtraq
Re: write(1)
daemon@ATHENA.MIT.EDU (Jauder Ho)
Thu May 22 16:44:38 1997
Date: Thu, 22 May 1997 11:20:44 -0700
Reply-To: Jauder Ho <jauderho@NETCOM.COM>
From: Jauder Ho <jauderho@NETCOM.COM>
X-To: test <butafuco@MC.NET>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.BSI.3.96.970521212854.14294A-100000@maxx.mc.net>
to do the beep....
try \cG
print(JIM "\cG\nMessage from $ARGV[1]\@$host on $terminal at $time ...\n");
--Jauder (Perl is your friend!)
On Wed, 21 May 1997, test wrote:
> Program Effected: write(1)
> Impact: Mostly Harmless
>
> It is trivial to spoof a write from one user to the next locally
> on a system by faking an "EOF". This ofcourse does not effect
> users who have turned off their write permissions. It's also
> fairly noticeable by the lack of any beep.
>
>
> print(JIM "\nMessage from $ARGV[1]\@$host on $terminal at $time ...\n");
> foreach $line (@to_write){
> sleep $delay;
> print (JIM "$line\n");
> }
> $| = 0;
> close(JIM);
> -------------------------------swrite----------------------------------------
>
> example usage...
>
> Un*x % echo The System is going down IMMIDIATELY\! | ./swrite \
> user root console
>
>
> If your an absolute paranoid, here are the diff's of an incomplete
> patch for write.c.. it's a start anyhow.
>
> 281c281,284
> < while (fgets(line, sizeof(line), stdin) != NULL)
> ---
> > while (fgets(line, sizeof(line), stdin) != NULL){
> > if(!strcmp(line, "EOF\n")){
> > (void)strcpy(line, "EOF <-- Warning: Not End of File.\n");
> > }
> 282a286
> > }
>
>
> It'll work for "EOF" just not for "EOF " or "EOF " etc...
>
.sig under construction
