-1

On UNIX systems, you can write any messages to another terminal, using write command as far as the user at the receiving side accepts messages. Whether or not to accept messages is set by mesg {y|n} command.

According to man mesg,

Traditionally, write access is allowed by default. However, as users become more conscious of various security risks, there is a trend to remove write access by default, at least for the primary login shell.

But what kind of security risks are to be caused by mesg y?

Peter Cordes
  • 328,167
  • 45
  • 605
  • 847
ynn
  • 3,386
  • 2
  • 19
  • 42
  • 2
    Better suited for [Super User](https://superuser.com/) or [Unix & Linux](https://unix.stackexchange.com/) – Jorengarenar Jul 14 '20 at 06:11
  • 2
    On some terminals, it's possible to send escape sequences that make the terminal send input. So someone can send you a message that simulates you entering a command. – Barmar Jul 14 '20 at 06:17
  • @Barmar, do you happen to have one example of such terminals ? – Philippe Jul 14 '20 at 08:44

1 Answers1

0

Personally I think this has a lot to do with programming, and the fact that programmers have to really careful with escape sequences. The boundaries between data and code can some time be bent, sometimes they can be broken.

you can find more information cool information here.

https://marc.info/?l=bugtraq&m=104612710031920

https://turbochaos.blogspot.com/2014/08/journalctl-terminal-escape-injection.html

https://www.openwall.com/lists/oss-security/2015/08/11/8

https://www.openwall.com/lists/oss-security/2015/09/17/5

The Unix Janitor
  • 558
  • 1
  • 6
  • 15