OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Bugtraq archives for 2nd quarter (Apr-Jun) 1995: Re: SUMMARY: AntiFlash talkd

Re: SUMMARY: AntiFlash talkd

Aleph One (aleph1dfw.net)
Mon, 24 Apr 1995 15:50:20 -0500 (CDT)

Be aware that there was a bug in the antiflash hate mail talkd
where any command could be run as the id talkd was running under.
I dont recall if this was discussed here, but it was in linux-security.
Basicly the program uses a system call (*sic*) to send the hate mail. It 
does not check the address its mailing to and it could be a string such as

satanbi.fish.com;echo "Satan has back" > /vmlinux

well you get the idea... 8)

"Use to source Luke"

On Mon, 24 Apr 1995, Richard Allen wrote:

> 
> I have recived quite alot of mail regarding my request for a talk daemon
> that can remove those annoying flashes. Apparently this is a hot issue,
> many people sent me Email saying that they where interested in this matter.
> 
> 
> Here are the most interesting replys I have recived so far.
> 
> sameer <sameerc2.org> wrote:
> 
> >         I hacked up ntalkd to make flashes useless. (It just checks to
> > see if every character works in isprint() -- if not then it prints -
> > instead of thata character..) I also hacked ntalkd to do filtering
> > based on remote user and remote site. (Controlled by a file
> > ~/.talkdrc)
> >         I couldn't find source to talkd which would work thogh so I
> > couldn't hack talkd. Only ntalkd.
> >         It didn't do logging of flashes.
> 
> 
> 
> "Martin J. Laubach" <mjlCSlab.tuwien.ac.at> wrote:
> 
> >   I have overhauled a linux talkd to filter control characters
> > and log such occurences. It also checks for the calling host
> > in the talk packet being the same as the host the packet came
> > from and yell if they don't match as well.
> > 
> >   It works on OSF/1, probably linux with little modifications.
> > 
> >         mjl
> 
> 
> "James M. Golovich" <statiksqueaky.free.org> wrote:
> 
> > I dont know about for any other operating systems, but for linux, someone 
> > wrote or edited a talkd that filters them.. You can ftp it from 
> > sunsite.unc.edu, it is /pub/Linux/system/Network/chat/talkd.bomb_proof.tgz
> > I believe there was the source in there.. I am currently running it.. it 
> > logs them to your syslog like this: 
> > Apr 19 22:19:26 whitehouse talkd[4694]: blocked 
> > VT100 BOMB to user: static (apparently from: localhost)
> > 
> > I ran flash localy to the user static.. 
> > 
> > hope this helped
> 
> 
> 
> Shortly after I sent my request to bugtraq, I got an idea to look around
> on my local Linux mirror and found "talkd+antiflash+hatemail.tar.gz"
> which basicly filters out flashes and then sends automatic 'hatemail' to
> rootremote.site
> 
> However, I ran into problems compiling it on our HP9000's, Linux
> apparently has a '<protocols/talkd.h>' in it's system includes.
> 
> Best regards,
> Richard Allen
> --
> #include <std/sig.h>
>