WG15 Defect Report Ref: 9945-2-22
Topic: talk

This is an approved interpretation of 9945-2:1993.

.

Last update: 1997-05-20 

								9945-2-22
	Class: No change

 _____________________________________________________________________________

	Topic:			talk
	Relevant Sections:	5.37.2


Defect Report:
-----------------------
 
          In Section 5.37.2 -  Description  {of  talk},  the  standard 
          states that ``[t]yping [other] nonprintable characters shall 
          cause   implementation-defined   sequences   of    printable 
          characters to be  written  to  the  recipient's  terminal.'' 
          [Draft 12 of ISO/IEC 9945-2:1993 (July 1992), p. 639, lines 
          4185-4186] and  that  ``[t]yping  characters  from  LC_CTYPE 
          classifications print or space shall cause those  characters 
          to be sent to the recipient's terminal.''  [Ibid.,  p.  639, 
          lines 4179-4180] 
 
          If {POSIX2_LOCALEDEF} is defined,  a  malicious  user  could 
          create a locale in which every character is  printable.   In 
          this case, a control sequence causing a line to be  sent  to 
          the system and then executed can be sent to an  unsuspecting 
          user's terminal. 
 
          This is a security hole.  Since  most  talk  implementations 
          involve transmitting each character to  another  process  on 
          the other end, in particular  one  run  by  the  recipient's 
          terminal, could lines 4179-4180:  ``[t]yping characters from 
          LC_CTYPE classifications print or space  shall  cause  those 
          characters to be sent  to  the  recipient's  terminal.''  be 
          interpreted  as  referring  to  the   recipient's   LC_CTYPE 
          classification to close this hole? 
 
          If this solution is not  possible,  could  lines  4188-4189: 
          ``[h]owever, a user's privilege may  further  constrain  the 
          domain of accessibility of other users' terminals''  [Ibid., 
          p. 639, lines 4188-4189] be used  to  close  this  hole,  by 
          disallowing mortals from talking to other  users'  terminals 
          if their LC_CTYPE is not a public locale? 
 

WG15 response for 9945-2:1993 
-----------------------------------


The description of LC_CTYPE on page 608 lines 4222-4223
makes the operation of talk undefined if the sender's and
receiver's locales are not the same.  This allows specific
implementations of talk to prevent the security hole by
disallowing talk when dissimilar locales are used.  See also
interpretation request write.1-2390.

Rationale for Interpretation:
-----------------------------
None.
 _____________________________________________________________________________