This is talk-says-"You-dont-exist.-Go-away." in view mode; [Up]
Date: Sun 29-Dec-1991 06:22:30 From: jeffo@uiuc.edu (J.B. Nicholson) Subject: talk says "You don't exist. Go away." (help needed) I have a problem with talk where when I use it all I get is "You don't exist. Go away." instead of the usual talk screen (I'm using a valid address and correct syntax). It happens with Stuart and the terminal called up from the File Viewer. Any help? Please email me. Thanks.
Date: Sun 30-Dec-1991 03:01:28 From: mikep@dragoman.uucp Subject: Re: talk says "You don't exist. Go away." (help needed) jeffo@uiuc.edu (J.B. Nicholson) writes: >I have a problem with talk where when I use it all I get is "You don't exist. >Go away." instead of the usual talk screen (I'm using a valid address and >correct syntax). It happens with Stuart and the terminal called up from the >File Viewer. Any help? Please email me. Jeff the reason is talk cannot find an entry for your shell window in the /etc/utmp file. From the shell window type "w" and it will list the active "logins", also try "tty" it will list the current tty that shell window is using. If your current tty is not listed with the "w" command then talk will not work. The solution is to get terminal/stuart/shell emulator to write an entry into the /etc/utmp file. Either the shell window program must run suid to root or you can change the mode of /etc/utmp to 666. ie chmod 666 /etc/utmp as root. >-- jeffo@uiuc.edu (NeXTmail accepted) Mike
Date: Sun 30-Dec-1991 07:08:39 From: cedman@714-725-3177.nts.uci.edu (Carl Edman) Subject: Re: talk says "You don't exist. Go away." (help needed) mikep@dragoman.uucp writes > Jeff the reason is talk cannot find an entry for your shell window > in the /etc/utmp file. From the shell window type "w" and it will > list the active "logins", also try "tty" it will list the current > tty that shell window is using. If your current tty is not listed > with the "w" command then talk will not work. > > The solution is to get terminal/stuart/shell emulator to write an > entry into the /etc/utmp file. Either the shell window program must > run suid to root or you can change the mode of /etc/utmp to 666. ie > chmod 666 /etc/utmp as root. By all means do the former, not the later ! A hacker with half a brain could do all kinds of mischief with a publicly writable utmp/wtmp (which is something else broken by having the wrong permissions on terminal/stuart/login/whatever). Carl Edman
Date: Sun 30-Dec-1991 10:09:39 From: sef@kithrup.COM (Sean Eric Fagan) Subject: Re: talk says "You don't exist. Go away." (help needed) In article <295EC5F7.15300@orion.oac.uci.edu> cedman@golem.ps.uci.edu writes: >By all means do the former, not the later ! A hacker with half a brain could >do all kinds of mischief with a publicly writable utmp/wtmp Like what, prey tell? Produce a core-dump from some utility? Oooh... yeah, that's all sorts of mischief (well, in some ways, yeah, I suppose so). I am aware that a problem supposedly existed in sunos with comsat and world-writable utmp files, but that's about it. And since comsat will only write to the specified file if the owner-execute is bit (which is not true for just about any character-special file of interest), there would seem to have been a bug in that version (hopefully, not in others). Requiring SUID-root to write to utmp is pretty silly, as there are not only better ways to do it (SGID to some group), but lots of programs could do things that write to utmp. (Emacs, in a shell window, for example, or script, or any program that opens up a pty for some reason.) There *are* things other than SUID-root that can be done; it is inviting a security risk to think only of that solution.
Date: Sun 30-Dec-1991 17:28:43 From: cedman@714-725-3177.nts.uci.edu (Carl Edman) Subject: Re: talk says "You don't exist. Go away." (help needed) Sean Eric Fagan writes > Requiring SUID-root to write to utmp is pretty silly, as there are not only > better ways to do it (SGID to some group), but lots of programs could do > things that write to utmp. (Emacs, in a shell window, for example, or > script, or any program that opens up a pty for some reason.) > > There *are* things other than SUID-root that can be done; it is inviting a > security risk to think only of that solution. Yes, I agree SUID can be dangerous. Yes, I agree SGID would have been a lot better. No, I most definitely don't agree that a world writeable utmp/wtmp is completely harmless. No, it is not as bad as a world writeable /etc/passwd (on machines which use it). If it was I would have used stronger words than mischief. Still a world writeable [uw]tmp can at the very least be used to frustrate attempts to trace hackers and under some circumstances can be used to do a lot more than that (yes, even break security - yes, even on systems without bugs in that code). Carl Edman
Date: Sun 30-Dec-1991 19:09:03 From: vhs@darkcube.radig.de (Volker Herminghaus-Shirai) Subject: Re: talk says "You don't exist. Go away." (help needed) In article <295EC5F7.15300@orion.oac.uci.edu> cedman@714-725-3177.nts.uci.edu (Carl Edman) writes: > mikep@dragoman.uucp writes > > Jeff the reason is talk cannot find an entry for your shell window > > in the /etc/utmp file. [stuff deleted] > > The solution is to get terminal/stuart/shell emulator to write an > > entry into the /etc/utmp file. Either the shell window program must > > run suid to root or you can change the mode of /etc/utmp to 666. ie > > chmod 666 /etc/utmp as root. > > By all means do the former, not the later ! A hacker with half a brain could do > all kinds of mischief with a publicly writable utmp/wtmp (which is something > else broken by having the wrong permissions on terminal/stuart/login/whatever). I think any hacker with even a quarter-brain could do horrible things to the whole system if you give her a setuid-root-shell. Unless Stuart/Terminal explicitly sets the uid/gid when starting up a shell window, suid-ing it root is IMHO the most dangerous approach.
Date: Sun 31-Dec-1991 02:22:20 From: cedman@714-725-3177.nts.uci.edu (Carl Edman) Subject: Re: talk says "You don't exist. Go away." (help needed) Volker Herminghaus-Shirai writes > In article <295EC5F7.15300@orion.oac.uci.edu> cedman@714-725-3177.nts.uci.edu > (Carl Edman) writes: > > mikep@dragoman.uucp writes > > > Jeff the reason is talk cannot find an entry for your shell window > > > in the /etc/utmp file. > > [stuff deleted] > > > > The solution is to get terminal/stuart/shell emulator to write an > > > entry into the /etc/utmp file. Either the shell window program must > > > run suid to root or you can change the mode of /etc/utmp to 666. ie > > > chmod 666 /etc/utmp as root. > > > > By all means do the former, not the later ! A hacker with half a brain > > could do all kinds of mischief with a publicly writable utmp/wtmp > > (which is something else broken by having the wrong permissions on > > terminal/stuart/login/whatever). > > I think any hacker with even a quarter-brain could do horrible things to > the whole system if you give her a setuid-root-shell. Unless Stuart/Terminal > explicitly sets the uid/gid when starting up a shell window, suid-ing it > root is IMHO the most dangerous approach. And of course any shell programmer with more than an eight of a brain (which I think it is fairly safe to assume that Scott Hess (author of both Terminal and Stuart) has) would not put an explicit statement that Stuart _should_ be run with mode 6755, ownership root.ttys (just like Terminal comes on a NeXT system) and then forget to reset the uid/gid. I will refrain from comments on the fractional brainsize of posters who make such wild accusations without once bothering to 'll /NextApps/Terminal' or 'man Stuart'. Carl Edman
Date: Sun 30-Dec-1991 22:38:55 From: vhs@darkcube.radig.de (Volker Herminghaus-Shirai) Subject: Re: talk says "You don't exist. Go away." (help needed) In article <1991Dec30.100939.27591@kithrup.COM> sef@kithrup.COM (Sean Eric Fagan) writes: [stuff deleted] > And since comsat will only > write to the specified file if the owner-execute is bit (which is not true > for just about any character-special file of interest), there would seem to > have been a bug in that version (hopefully, not in others). [more stuff deleted] What does "the owner-execute is bit" mean?
These are the contents of the former NiCE NeXT User Group NeXTSTEP/OpenStep software archive, currently hosted by Marcel Waldvogel and Netfuture.ch.