Use of the information contained in this unapproved document is at your own risk.
Last update: 20 April, 2001
1003.2-92 #22
Class: No change
This response will be incorporated in an IEEE interpretations
publication, and will be also made available on-line on the IEEE
SPAsystem.
_____________________________________________________________________________
Interpretation Number: (to be assigned by the IEEE)
Topic: talk
Relevant Sections: 5.37.2
Interpretation Request: (Defect Report)
-----------------------
In Section 5.37.2 - Description {of talk}, the standard
states that ``[t]yping [other] nonprintable characters shall
cause implementation-defined sequences of printable
characters to be written to the recipient's terminal.''
[Draft 12 of IEEE Std 1003.2-1992 (July 1992), p. 639, lines
4185-4186] and that ``[t]yping characters from LC_CTYPE
classifications print or space shall cause those characters
to be sent to the recipient's terminal.'' [Ibid., p. 639,
lines 4179-4180]
If {POSIX2_LOCALEDEF} is defined, a malicious user could
create a locale in which every character is printable. In
this case, a control sequence causing a line to be sent to
the system and then executed can be sent to an unsuspecting
user's terminal.
This is a security hole. Since most talk implementations
involve transmitting each character to another process on
the other end, in particular one run by the recipient's
terminal, could lines 4179-4180 (``[t]yping characters from
LC_CTYPE classifications print or space shall cause those
characters to be sent to the recipient's terminal.'') be
interpreted as referring to the recipient's LC_CTYPE
classification, to close this hole?
If this solution is not possible, could lines 4188-4189:
``[h]owever, a user's privilege may further constrain the
domain of accessibility of other users' terminals'' [Ibid.,
p. 639, lines 4188-4189] be used to close this hole, by
disallowing mortals from talking to other users' terminals
if their LC_CTYPE is not a public locale?
IEEE Interpretation for 1003.2-1992
-----------------------------------
The description of LC_CTYPE on page 608 lines 4222-4223
makes the operation of talk undefined if the sender's and
receiver's locales are not the same. This allows specific
implementations of talk to prevent the security hole by
disallowing talk when dissimilar locales are used. See also
interpretation request write.1-2390.
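As an added illustration, not part of this interpretation and not taken
from any talk implementation, the following C code shows the two
mitigations the interpretation leaves open to an implementation:
classifying each character with the receiving side's LC_CTYPE before it
reaches the terminal, so that anything outside the print and space
classes is rendered as a printable caret sequence rather than passed
through raw, and refusing the session outright when the sender's and
recipient's LC_CTYPE locales differ. The portable "C" locale stands in
for the recipient's locale; the function names, the caret rendering
and the sample message are assumptions of the example.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Render one byte that the recipient's LC_CTYPE does not classify as
 * print or space.  Caret notation ("^[" for ESC, "^?" for DEL) and an
 * "M-" prefix for bytes with the high bit set are one common choice of
 * implementation-defined printable sequence.  Output is at most four
 * bytes plus NUL, so the 8-byte buffer is sufficient. */
static void render_nonprintable(unsigned char c, char tmp[8])
{
    char *p = tmp;
    if (c >= 0x80) {            /* high bit set: "M-" then the low 7 bits */
        *p++ = 'M';
        *p++ = '-';
        c = (unsigned char)(c - 0x80);
    }
    if (c < 0x20) {             /* C0 control byte: ^@ .. ^_ */
        *p++ = '^';
        *p++ = (char)(c + '@');
    } else if (c == 0x7f) {     /* DEL */
        *p++ = '^';
        *p++ = '?';
    } else {                    /* printable once the high bit is gone */
        *p++ = (char)c;
    }
    *p = '\0';
}

/* Filter `len` bytes from `in` into the NUL-terminated buffer `out`
 * using the receiving side's character classification.  Bytes in the
 * print or space classes pass through; every other byte is rewritten,
 * so the recipient's terminal never receives a raw control byte such
 * as ESC.  The classification here is the portable "C" locale (the
 * default locale of a C program, in which isprint() never reports a
 * control byte as printable); a real implementation would select the
 * recipient's LC_CTYPE with setlocale() before calling this.
 * Returns the number of bytes written, or (size_t)-1 if `out` cannot
 * hold the rendered text plus its terminating NUL. */
size_t sanitize_for_terminal(const unsigned char *in, size_t len,
                             char *out, size_t outsz)
{
    size_t pos = 0;
    if (outsz == 0)
        return (size_t)-1;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = in[i];
        char tmp[8];
        if (isprint(c) || isspace(c)) {
            tmp[0] = (char)c;
            tmp[1] = '\0';
        } else {
            render_nonprintable(c, tmp);
        }
        size_t n = strlen(tmp);
        if (pos + n >= outsz)   /* keep room for the NUL */
            return (size_t)-1;
        memcpy(out + pos, tmp, n);
        pos += n;
    }
    out[pos] = '\0';
    return pos;
}

/* The other policy the interpretation permits: talk is undefined when
 * the two LC_CTYPE locales differ, so an implementation may refuse the
 * session instead of reconciling the two classifications. */
int talk_session_allowed(const char *sender_lc_ctype,
                         const char *recipient_lc_ctype)
{
    return sender_lc_ctype != NULL && recipient_lc_ctype != NULL &&
           strcmp(sender_lc_ctype, recipient_lc_ctype) == 0;
}

int main(void)
{
    /* Constructed sample: ordinary text with an embedded ESC sequence,
     * a BEL and a byte with the high bit set. */
    static const unsigned char msg[] = "hi\x1b[2Jthere\x07\xe9";
    char out[64];
    size_t n = sanitize_for_terminal(msg, sizeof msg - 1, out, sizeof out);
    if (n == (size_t)-1) {
        fputs("output buffer too small\n", stderr);
        return 1;
    }
    printf("%s\n", out);   /* hi^[[2Jthere^GM-i */
    printf("same locale allowed: %d, different locales allowed: %d\n",
           talk_session_allowed("C", "C"),
           talk_session_allowed("C", "en_US.UTF-8"));
    return 0;
}
```

The ESC byte in the sample becomes the two printable characters "^["
and the bytes that followed it stay as ordinary text, so the
recipient's terminal has nothing to interpret; a sender cannot
influence this because the classification consulted is the
recipient's, not the sender's.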
Rationale for Interpretation:
-----------------------------
None.
_____________________________________________________________________________