home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Columbia Kermit
/
kermit.zip
/
newsgroups
/
misc.19950528-19950726
/
000258_news@columbia.edu_Fri Jun 30 11:18:56 1995.msg
< prev
next >
Wrap
Internet Message Format
|
2020-01-01
|
4KB
Received: from apakabar.cc.columbia.edu by watsun.cc.columbia.edu with SMTP id AA13355
(5.65c+CU/IDA-1.4.4/HLK for <kermit.misc@watsun.cc.columbia.edu>); Sun, 2 Jul 1995 06:01:25 -0400
Received: by apakabar.cc.columbia.edu id AA27239
(5.65c+CU/IDA-1.4.4/HLK for kermit.misc@watsun); Sun, 2 Jul 1995 06:01:23 -0400
Path: news.columbia.edu!sol.ctr.columbia.edu!hamblin.math.byu.edu!park.uvsc.edu!news.provo.novell.com!news.cs.utah.edu!cc.usu.edu!jrd
From: jrd@cc.usu.edu (Joe Doupnik)
Newsgroups: comp.protocols.kermit.misc
Subject: Re: Configurable APC checking in next MSK release?
Message-Id: <1995Jun30.171856.55074@cc.usu.edu>
Date: 30 Jun 95 17:18:56 MDT
References: <jhurwitDAuowt.ICo@netcom.com> <1995Jun29.071144.54932@cc.usu.edu> <jhurwitDAy11x.7Jq@netcom.com>
Organization: Utah State University
Lines: 63
Apparently-To: kermit.misc@watsun.cc.columbia.edu
In article <jhurwitDAy11x.7Jq@netcom.com>, jhurwit@netcom.com (Jeffrey Hurwit) writes:
> Thanks to both Frank and Joe for your comments.
>
> In article <1995Jun29.071144.54932@cc.usu.edu>,
> Joe Doupnik (jrd@cc.usu.edu) wrote:
>
>> The reason OUTPUT is on the dangerous list is this. Something
>>on the host sends APC OUTPUT \26DEL *.* ST to your desktop machine. That's
>>includes a form of nasty mail trouble (^Z to suspend currrent process,
> ^^^^^^^^^^^^^^^^^^^^^^^^^^
>>start removing files).
>
> Hmmm, I see your point. I can see some visciousness on the part of
> someone (similar to ANSI bombs, right? Someone would have to know
> that I'm using Kermit), but I'm not familiar with the kinds of
> system vagarities that would accidently trigger an unwanted APC
> command that would in turn cause damage on the host account. I'll
> take your word for it!
>
>> I'm not sure we want to itemize commands which are dangerous
>>because it is a bulky operation in the program and it adds to the doc
>>complexity (must now explain how each candidate can be abused remotely
>>etc).
>
> I didn't know it would bloat the program that much. Having only
> recently stepped up from an 8088 portable with no hard drive, I
> really appreciate your continuing to support antiquated equipment
> with minimal resources!
>
> Ok, then let me try this suggestion: Currently, MSK will ignore a
> 'set apc unchecked' command in a script or macro if it was invoked
> with an APC command. How about reversing this so that MSK will
> recognize and act on that command? What I envision is placing a
> 'set apc unchecked' just before a dangerous command, and 'set apc
> on' just after. This way, the window of opportunity for a system
> burp setting off an unwanted command would be small, and an "APC
> bomb" in an e-mail message could do nothing at all without knowing
> the name of the script or macro.
>
> In fact, better yet, how about an "unchecked' command, to be used
> only in scripts or macros? Placed just before the dangerous
> command (eg. 'uncheked output xxxx'), it could disable APC checking
> just for the duration of that command, and reestablish it
> immediately afterward.
>
> For the docs, you could simply list out the commands which are
> checked, following a brief and general discussion of the reasons
> for checking them. More than that would not be necessary if the
> user has the option of an 'unchecked' command.
>
> How does this sound? Would it add too much to the size and
> complexity of MSK? I think it could provide a good balance between
> safety and flexibility if properly used.
>
> Jeff
---------
Well, er, a little confusing today, but I think I have your point.
That point is let the APC command text contain a SET APC UNCHECKED string.
Is that right? If so then there is no point to having checking at all;
someone can do whatever they wish to your machine just by sticking such
APC command material (with the APC ST control codes too) in anything
you display via Connect mode. Mail will do nicely.
Joe D.