Bugtraq mailing list archives

Re: Wall and talkd pass binary data


From: PAUL () TDR COM (Paul Robinson)
Date: Wed, 20 Jul 1994 10:43:37 -0400 (EDT)


From: Paul Robinson <PAUL () TDR COM>
Organization: Tansin A. Darcos & Company, Silver Spring, MD USA
-----
Based on Information and Belief, on Tue, 19 Jul 1994 18:06:45 -0500 (CDT)
Rob Quinn <rjq () phys ksu edu>, was alleged to have belched out 
the following:

talkd and walld both pass binary data (on Sun's at least). Here's some 
source code I got from a friend. I informed Sun about the wall problem 
several months ago. This source just sends a string to mess up your 
fonts and such, but I've heard that some terminals have escape 
sequences that will buffer strings and re-issue them as if the user 
had typed them (I know there's an expression or term for that, but I 
can't think of it). I searched for this sequence for xterm, but didn't
find one. I didn't look at any other terminal types.

The term is 'keyboard redefinition'.

The date of this mail/source was June 9, so it's been out a while.

Not to disparage your comments - because stuff like this should be 
reported if it could be dangerous - but on the 80x86 class MS-DOS based 
computer field, this is a known problem.

The ANSI.SYS driver (ANSI.SYS is the terminal control feature which is
essentially DEC's VT100 terminal control routines) that comes with MS DOS
or PC DOS, allows someone to redefine the codes generated by keys.  And
because the codes are generally created by an escape sequence - usually
escape followed by [ - whenever a message is sent to the terminal starting
with that escape sequence, the ANSI.SYS driver does not directly display
that data stream, but instead acts upon it, whether it be to move the
cursor to a certain position or erase all or part of the screen, or, as
can be done, remap the keyboard to generate certain functions such as
programming the 'ENTER' key to generate the sequence 'FORMAT C:<CR>Y<CR>'
or 'ERASE \*.*<CR>Y<CR>'.  (Now, Format requires you specify the volume id
of the hard drive in order to reformat, so this isn't as dangerous, but
the other could be bad.)

I'm not trying to hide what the command sequence is, I just don't
remember.  The following is an example, it will NOT reprogram the
keyboard, it is simply to explain that it's not that hard to do; something
on the order of

ESC [H0;6413"ERASE C:\*.*"13"Y"13;

Where "0;64" is the internal key code for the F1 key.  This would cause 
the F1 key, when pushed, to generate this sequence: <CR>ERASE 
C:\*.*<CR>Y<CR> which would erase all files in the root directory that 
don't have erase protection.  Fortunately, MSDOS' ERASE command DOES NOT 
have the equivalent of UNIX's very dangerous 'rm -rf /'.

Many Unix utilities - such as the PINE mailer, which I am using now, and 
the NCFTP ftp program also generate ANSI control sequences in order to 
generate a formatted screen image. 

This was recognized as a problem because people can place comments in a 
ZIP archive file that is displayed when the archive is viewed or 
unpacked.  As a result, this can cause all sorts of nasty problems.  To 
compensate for this, new versions of PKUNZIP default to not generating 
ANSI codes unless enabled, and at least one release of a replacement 
ANSI.SYS driver (note: NOT FROM MICROSOFT OR IBM) that does not provide 
keyboard remapping is available.

The point being that the PC world has been aware of this problem for 
about three years now.  Software which is out there should reject 
keyboard redefinition commands because of the danger except under 
authorized conditions including a "password trigger".

---
Paul Robinson - Paul () TDR COM
Voted "Largest Polluter of the (IETF) list" by Randy Bush <randy () psg com>
-----
The following Automatic Fortune Cookie was selected only for this message:

"In defeat, unbeatable; in victory, unbearable."
                -- Winston Churchill, of Montgomery
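The mitigation the post argues for (software rejecting keyboard-redefinition commands before text reaches the terminal), as an added example that is not part of the original message or of any program named in it: a whitelist filter for text bound for a tty, such as a wall/talk message or a ZIP comment. It assumes ANSI.SYS key reassignment is a CSI sequence with quoted-string parameters ending in the final byte "p", and the key code 0;59 in the constructed sample is illustrative only.

```python
ESC = "\x1b"
SAFE_FINALS = frozenset("ABCDHJKm")   # cursor moves, position, erase, SGR

def _parse_csi(text, i):
    """Parse ESC [ ... at text[i]; return (end, final_byte, has_string).
    end is None if malformed. Quoted parameters exist only in ANSI.SYS: a
    plain ECMA-48 parser would take the E of "ERASE" as the final byte."""
    j, has_string = i + 2, False
    while j < len(text):
        c = text[j]
        if c == '"':                          # ANSI.SYS string parameter
            has_string = True
            k = text.find('"', j + 1)
            if k == -1:
                return None, None, True       # unterminated string
            j = k + 1
        elif "0" <= c <= "?" or " " <= c <= "/":
            j += 1                            # parameter / intermediate byte
        elif "@" <= c <= "~":
            return j + 1, c, has_string       # final byte ("p" = key reassign)
        else:
            return None, None, has_string     # control/8-bit byte: malformed
    return None, None, has_string

def sanitize(text):
    """Return (clean_text, rejected_sequences) for text bound for a tty."""
    out, rejected, i = [], [], 0
    while i < len(text):
        if text.startswith(ESC + "[", i):
            end, final, has_string = _parse_csi(text, i)
            if end is not None:
                seq = text[i:end]
                if final in SAFE_FINALS and not has_string:
                    out.append(seq)           # whitelisted display control
                else:
                    rejected.append(seq)      # key reassignment or unknown
                i = end
                continue
        if text[i] == ESC:                    # bare/malformed escape: drop the
            rejected.append(ESC)              # ESC, the rest shows as literals
        else:
            out.append(text[i])
        i += 1
    return "".join(out), rejected

# Constructed sample: ZIP-style comment with a function-key reassignment (key code 0;59 is illustrative).
SAMPLE = ('Thanks for downloading!\x1b[1mREADME\x1b[0m\r\n'
          '\x1b[0;59;"ERASE C:\\*.*";13;"Y";13p'
          '\x1b[2J\x1b[5;10HEnjoy.')
```

Anything not on the short whitelist is logged in the rejected list rather than forwarded, so a new or unknown sequence fails closed.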
