Aduke.1873
net.followup
utcsrgv!utzoo!decvax!duke!bcw
Fri Mar 12 02:11:12 1982
Re: On telling people not to crack security

Mark's partly right; it is possible to protect against *some* abuses of smart terminals. There are still a couple of problems with his proposed solution:

1) Some terminals (such as the Hazeltine) use characters other than the 000-037 (octal) [the nonprinting characters less than space] to lead in to control sequences. In the case of the Hazeltine, the lead-in character is the ~, of all things. Other terminals use things like } as the lead-in character. I'm not sure you could arrange to be very safe unless you disallowed all of the lower case characters (0140-0177 [octal]) as well, although even then there may be some offending terminal somewhere which uses something like \\ as a lead-in character.

2) Although the simple-minded letter bombs like mail bombs have been fixed by this method (with the reservations mentioned above), there's still the problem of readable files. A similar problem already exists for any *programs* executed by the super user, but it's easy to forget (or not even realize) the problem with the *terminal* even if the system manager is aware of the problem with *programs*.

3) Don't forget news! This has the same potential as a letter bomb, if anybody can submit an article to it at a particular site.

4) Then there's all kinds of other programs (even Empire telegram files could be abused this way) which would also have to be fixed.

Have fun thinking about this -- the possibilities are probably endless, though I think we have a pretty good start.

In fairness to Unix, there are a lot of systems which are in a *much* worse situation, there's not even the possibility of making them secure even in principle ...

Bruce C. Wright @ Duke University

-----------------------------------------------------------------

gopher://quux.org/ conversion by John Goerzen
of http://communication.ucsd.edu/A-News/

This Usenet Oldnews Archive article may be copied and distributed freely, provided:

1. There is no money collected for the text(s) of the articles.

2. The following notice remains appended to each copy:

The Usenet Oldnews Archive: Compilation Copyright (C) 1981, 1996 Bruce Jones, Henry Spencer, David Wiseman.
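
Added example, not part of the original post or the archive: a display filter for untrusted text (mail, news, readable files) that escapes the 000-037 range and also a per-terminal printable lead-in character, which is the gap point 1 describes. Only the Hazeltine's ~ comes from the post; the other terminal names, the table and the function names are assumptions for illustration.

```python
"""Display filter for untrusted text on a smart terminal (added example)."""

# Printable lead-in characters by terminal type. Only the Hazeltine's "~" is
# stated in the post; "brace-term" and "backslash-term" are hypothetical names
# for the unnamed terminals the post says use "}" or a backslash.
LEAD_INS = {
    "hazeltine": b"~",
    "brace-term": b"}",
    "backslash-term": b"\\",
    "control-only": b"",      # lead-in already lies in the 000-037 range
}

PASS_THROUGH = b"\n\t"        # layout characters left unchanged
NOTATION = b"<>01234567"      # the only bytes the escape form emits


def escape(byte):
    """Render one byte as <ooo> (octal) so it reaches the screen as text."""
    return b"<%03o>" % byte


def sanitize(data, term):
    """Return a copy of `data` that is safe to write to a `term` terminal.

    Unknown terminal types are refused rather than guessed at: a printable
    lead-in cannot be filtered without knowing which character it is.
    """
    if term not in LEAD_INS:
        raise ValueError("unknown terminal type: %r" % term)
    lead_in = LEAD_INS[term]
    if lead_in and lead_in in NOTATION:
        raise ValueError("lead-in collides with the escape notation")
    out = bytearray()
    for byte in data:
        if byte in PASS_THROUGH:
            out.append(byte)
        elif byte < 0o40 or byte >= 0o177 or bytes([byte]) == lead_in:
            out += escape(byte)   # control, DEL/8-bit, or this terminal's lead-in
        else:
            out.append(byte)
    return bytes(out)


if __name__ == "__main__":
    # Constructed sample message body, not taken from the post.
    sample = b"hi\033[2J~\021there\n"
    for term in ("control-only", "hazeltine"):
        print(term, sanitize(sample, term))
```

The same call applies wherever one user's bytes reach another user's screen, so the mail reader, the news reader and any file pager would each need it.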