Home page logo

bugtraq logo Bugtraq mailing list archives

Re: SUMMARY: AntiFlash talkd
From: aleph1 () dfw net (Aleph One)
Date: Mon, 24 Apr 1995 15:50:20 -0500 (CDT)

Be aware that there was a bug in the antiflash hate mail talkd
where any command could be run as the id talkd was running under.
I dont recall if this was discussed here, but it was in linux-security.
Basicly the program uses a system call (*sic*) to send the hate mail. It 
does not check the address its mailing to and it could be a string such as

satan () bi fish com;echo "Satan has back" > /vmlinux

well you get the idea... 8)

"Use to source Luke"

On Mon, 24 Apr 1995, Richard Allen wrote:

I have recived quite alot of mail regarding my request for a talk daemon
that can remove those annoying flashes. Apparently this is a hot issue,
many people sent me Email saying that they where interested in this matter.

Here are the most interesting replys I have recived so far.

sameer <sameer () c2 org> wrote:

        I hacked up ntalkd to make flashes useless. (It just checks to
see if every character works in isprint() -- if not then it prints -
instead of thata character..) I also hacked ntalkd to do filtering
based on remote user and remote site. (Controlled by a file
        I couldn't find source to talkd which would work thogh so I
couldn't hack talkd. Only ntalkd.
        It didn't do logging of flashes.

"Martin J. Laubach" <mjl () CSlab tuwien ac at> wrote:

  I have overhauled a linux talkd to filter control characters
and log such occurences. It also checks for the calling host
in the talk packet being the same as the host the packet came
from and yell if they don't match as well.

  It works on OSF/1, probably linux with little modifications.


"James M. Golovich" <statik () squeaky free org> wrote:

I dont know about for any other operating systems, but for linux, someone 
wrote or edited a talkd that filters them.. You can ftp it from 
sunsite.unc.edu, it is /pub/Linux/system/Network/chat/talkd.bomb_proof.tgz
I believe there was the source in there.. I am currently running it.. it 
logs them to your syslog like this: 
Apr 19 22:19:26 whitehouse talkd[4694]: blocked 
VT100 BOMB to user: static (apparently from: localhost)

I ran flash localy to the user static.. 

hope this helped

Shortly after I sent my request to bugtraq, I got an idea to look around
on my local Linux mirror and found "talkd+antiflash+hatemail.tar.gz"
which basicly filters out flashes and then sends automatic 'hatemail' to
root () remote site

However, I ran into problems compiling it on our HP9000's, Linux
apparently has a '<protocols/talkd.h>' in it's system includes.

Best regards,
Richard Allen
#include <std/sig.h>

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]