[1790] in Athena Bugs
Re: 6.1A: /usr/bin/mesg
daemon@ATHENA.MIT.EDU (probe@ATHENA.MIT.EDU)
Thu Feb 16 01:44:20 1989
From: <probe@ATHENA.MIT.EDU>
Date: Thu, 16 Feb 89 01:44:06 EST
To: probe@ATHENA.MIT.EDU
Cc: vs-testers@ATHENA.MIT.EDU, rt-testers@ATHENA.MIT.EDU, bugs@ATHENA.MIT.EDU
In-Reply-To: Richard Basch's message of Thu, 16 Feb 89 01:36:48 EST,
Reply-To: Richard Basch <probe@ATHENA.MIT.EDU>
> I suspect the problem is in /etc/xterm (my version of /etc/xterm is
> setuid root, even though this is a problem on the packs). Notice that
> it was set to be owned by my default group as opposed to being owned by
> group "tty" and also notice that it is world-writable. The BSD 4.3
> standard is to have it only be group-writable and owned by group "tty".
> This way, some terminals such as true H19's aren't in danger of being
> sent escape sequences that could force characters into the queue or be
> subject to other such malevolent actions.
I just realized I may have seemingly contradicted myself in this
paragraph. I stated that /etc/xterm is probably the cause of the
problem and then proceeded to explain about a security issue with H19's.
Even though these are not quite the same thing, the same potential for
malevolent actions exist by leaving it world-writable. I agree that
/etc/xterm does not accept all of the escape sequences that would cause
keystrokes to be forced into the queue, but they can certainly cause the
xterm user some aggravation.
-Richard
