● [转寄] [转载]BBS病毒(2) - 荔园在线 | 深圳大学学生论坛,荔园晨风BBS,深大在线网站

荔园之美，在春之萌芽，在夏之绽放，在秋之收获，在冬之沉淀

发信人: Mic (不要变,行不行), 信区: Virus
标  题: [转寄] [转载]BBS病毒(2)                       lyxn
发信站: 荔园晨风BBS站 (Sat Jun  2 07:18:33 2001), 转信

【以下文字转载自 Mic 的信箱】
【原文由 smickey.bbs@argo.zsu.edu.cn 所发表】
发信人: Song (一曲长歌), 信区: Virus
标  题: [转载]BBS病毒(2)
发信站: 逸仙时空 Yat-sen Channel (Thu Mar 25 18:41:04 1999), 站内信件

关于 ANSI 炸弹

bluesea, Jan.14.98

    NetTerm 有那么点不太引人注目的小秘密，这就是它自己支持一些类似 Ansi 控
制的扩充控制序列。曾经作为一个调剂的手段，为上 BBS的网虫增添了不少乐趣。随
着清华 BBS 上的一些网虫不断“露一手”，现在全国很多 BBS 都使用了这些扩充的
控制来修改标题栏、状态栏，来表示对网虫的问候。如北方交大、木棉、蓝天、网
易……

    Ansi 作为标准字符的一种扩展的表现手段，起到了丰富色彩，活跃气氛的作用，
这些作用的效果会随着阅读一篇文章的结束而结束，而很多扩展控制却可以留下来，
改变你的标题栏、状态栏，甚至打开你的浏览器，乃至死机。Netterm 在解释自己创
立的扩充序列的一些 Bug也很明显地表现了出来，同时，还有很多终端程序在解释控
制序列的时候，程序不够严密，对于非标准的序列往往会产生意外的后果。利用程序
编制上的缺陷，采用类似 Ansi 序列的方法激活这些 Bug，这就是我们这里说的所谓
“BBS ANSI 炸弹”。

    扩展控制序列的滥用，引起了 BBS上的一些争论，很多人表示反感。经过不太长
时间的讨论，终于有了结果。就是把扩充序列的解释权交给用户。详细的信息请参考
sysop 板的讨论，以及最后 Leeward 公布的解决办法。至此，这个本来不是秘密的
ANSI 炸弹问题，终于有了一个答案。

    下面的内容，就在你的 Netterm 的帮助文件里面。它本来就是公开的。“高手”
之所以能够“露两手”，是因为他们通过自己的细心或其他途径比你先知道了这些不
能称为秘密的秘密。呵呵，谁当初会想到围绕这个问题会有这样多的故事呢。不过我
们今天不得不通过一种管理的手段来制约它，这一方面说明完整的管理制度是维护一
个全局的必要手段，同时也说明在网络这个苑囿中，自觉二字还远没有达到理想的程
度。

Special Escape Sequences
========================

NetTerm contains several special escape definitions that are not a part of
the published VT-XXX or ANSI standard.  These have been requested by several
of our clients to enhance the functionality of NetTerm and provide a more
flexible client interface for their UNIX programs.  The following are the
special escape codes:

^[[]URL^[[0*        Send the URL to the client's WWW browser for processing.
^[[]COMMAND^[[1*    Start/run the program specified by COMMAND.
^[[]COMMAND^[[2*    Define the International keyboard/video map to use.
^[[]COMMAND^[[3*    Define the keyboard definition template to use.
^[[]COMMAND^[[5*    Define and execute a SmartButton style command .
^[[80m              Change the font to the default 80 columns font.
^[[132m             Change the font to isi_132 (132 columns).
^[[7i               Turn on the locator controller mode.
^[[6i               If the locator controller mode has been selected,
                    this will turn it off.
^[[=MMESSAGE^[[=S   Display MESSAGE in the StatusBar
^[[=mTITLE^[[=S     Set the NetTerm window title to TITLE.
^[[=K0              Clear all the SmartButton labels.
^[[=k0              Clear all the SmartButton transmitted key data values.
^[[=KnbDATA         Set the SmartButton labels.
^[[=knbDATA         Set the SmartButton transmitted key data values.

Where ^[ is the ESC character (0x1b), URL is any valid URL and COMMAND is
any valid DOS or Windows program.  The maximum length of the URL and COMMAND
is 2047 characters.  The maximum length of values MESSAGE and
TITLE is 80 characters.  The SmartButton escape sequences to set the label
and transmitted key data values must be in the following format:

n         The total number of label(s) or transmitted key data value(s)

          following (maximum of 9).
b         The button this entry pertains to (valid values are 1-9).
DATA      The value to set the label/data value to.   DATA has a
          maximum length of nine characters.

Note that DATA has a maximum length of nine characters and a required length
of nine characters.  Trailing spaces must be used to make each DATA field
nine characters long.  A maximum of nine buttons can be defined in BA-80
emulation,  eight buttons in all others.   The SmartButton definitions are
not saved when NetTerm exits.

The ability to start/run programs on the local workstation can create
serious security problems.  For this reason, a global flag controls whether
NetTerm will honor a host request to start/run local programs.  The default
is not to allow any host to start/run local programs.  If NetTerm detects
such a request, a message will be displayed indicating a security violation.
In order to enable the ability to start/run programs, the option 'Allow
Program Calls' must be enabled.  This option is located in the
Options-Setup-Global Settings-General tab.

The 'Allow Program Calls' option does not apply to operations relating to
the browser (URL) or to the editor (such as the transparent printing/netedit
requests).

The locator controller mode allows the host to communicate directly with the
locator device without terminal intervention.  When locator controller mode
is set,  all data received at the host port is transferred directly to the
locator port without interpretation by NetTerm.  All data received from the
locator device will be sent directly to the host.  The serial port for the
locator device must be defined in the Options-Setup-Setup Locator Controller
dialog panel.

In addition to support for the locator controller device, NetTerm has
implemented the Locator Input Model as defined by DEC.  The Locator Input
Model allows for maximum flexibility and control of mouse events from the
host system.  Refer to the DEC specification for complete details and
required escape sequences.

Finally, in the status bar, The LED display contains four LED lights that
can be turned on by the VT100 escape command ESC[xq where x is the LED
number to turn on.

                        BBS水木清华站∶精华区

--

    ####*****       一曲长歌终日月，三千骑甲蔽青天        *****####

※ 来源:．逸仙时空 Yat-sen Channel bbs.zsu.edu.cn．[FROM: 202.116.64.110]
--
※ 转寄:．逸仙时空 Yat-sen Channel bbs.zsu.edu.cn．[FROM: 210.39.3.50]
--
※ 转载:·荔园晨风BBS站 bbs.szu.edu.cn·[FROM: 192.168.28.108]

荔园在线首页友情链接：深圳大学深大招生荔园晨风BBS S-Term软件网络书店