WHAT IS THIS?
~~~~~~~~~~~~~
Shared term allows other users to use the same term connection you are using.
Environment variables let you enable or disable the shared features.

You only need to install shared term on the end that you have users
who want a shared term connection.  However for new commands to work,
both ends should be running the same term version #.

This gives you the commands:
	term		The main program.
	tmon		Monitors term traffic.  Shared.
	tredir		Redirects a port to port.  Shared.
	txconn		Allows use of X programs remotely.  Shared.
	tshutdown	Terminates term on both ends.  Not shared.
	tupload		Transmits files.  Not shared.
	trsh		Shells to remote.  Not shared.

OK, the following instructions allow you to share your term connection without
allowing other users direct access to either the account on which term
was started, or the remote unix account.

If you don't want to use the shared term features, skip the following
section of this file.  Just type "make" for instructions on compiling term.


Term modes:
~~~~~~~~~~

There are two basic ways you can install term for sharing.  The safest, most
secure method is to have root create a "term" group which contains no members.
Then, as root, install "term" as a SGID program.  If this option is not
possible, then you can install term as a SUID program by specifying
USERSHARE=$HOME/term.  Here is a table that lists the differences:

Chmod	$TERMMODE	$TERMDIR -or-	Default		Connection
Type			$TERMSHARE			Owner	Users
-------	---------------	---------------	---------------	------- ----------------
u+s	1 (Shared)	neither		$HOME/term	You	Anyone
u+s	0 (Private)	$TERMDIR	$HOME		Anyone	Connection Owner
g+s	1 (Shared)	$TERMSHARE	/usr/local/lib/term	Anyone	Anyone
g+s	0 (Private)	$TERMDIR	$HOME		Anyone	Connection Owner
-	0 (Private)	$TERMDIR	$HOME		Anyone	Anyone


To install shared term, do the following:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

1) (IF YOU ARE ROOT!)  Create a "term" group with no members
   by adding the following line in /etc/group:

   term::16:root

   If 16 is already used by something else, choose an unused GID.


2) (IF YOU ARE ROOT!) Do:

   make DO=installshare `uname`

3) (IF YOU ARE AN ORDINARY USER!) Do:

   make DO=installshare USERSHARE=$HOME/term `uname`


4) To start "term" SHARED mode use:

   With csh or tcsh:
       setenv TERMMODE 1
   With bash use:
       export TERMMODE=1

   NOTE!!!  All users who want to take advantage of the shared term 
   connection must set the above environment variable.



5) To start old clients in shared mode (i.e. clients which were linked to
   an older version of clients.a):

   With csh or tcsh:
       setenv TERMDIR /usr/local/lib/term
       setenv TERMSHARE $TERMDIR
   With bash use:
       export TERMDIR=/usr/local/lib/term
       export TERMSHARE=$TERMDIR

   NOTE!!!  All users who want to take advantage of the shared term 
   connection must set the above environment variables.


6) To run in PRIVATE MODE: 

   With csh/tcsh:
       setenv TERMMODE 0
   With bash:
       export TERMMODE=0



SUMMARY OF SHARED COMMAND:
~~~~~~~~~~~~~~~~~~~~~~~~~~

The primary differences between the sharable and unsharable commands are:
  - Sharable commands are set group ID programs (if installed by root), or
    are set user ID programs (if installed by an ordinary user).
  - The shared "term" directory is controlled by $TERMSHARE instead of
    $TERMDIR.

The following summarizes which programs can be used in shared mode.
If you let the Makefile install term, this was done automatically:
  Command:  Shared:	Comments:
  term      yes		This is required to be shared.
  tmon      yes		Very benign term monitor.
  tredir    yes		Safe as long as you don't start term as root.
  txconn    yes		Safe as long as you don't start term as root.
  tupload   no          Go ahead and set shared group permission, so tupload
                        knows to use TERMSHARE instead of TERMDIR.
  trsh      no		Go ahead and set shared group/user permission.
  tshutdown no		Go ahead and set shared group/user permission.

The user who owns the connection and root may use all term commands normally.


HOW TO MAKE A COMMAND SHARED
~~~~~~~~~~~~~~~~~~~~~~~~~~~~

If you want to make a term command such as termftp or termtelnet shared,
then do the following, which sets shared group permissions:

  IF YOU ARE ROOT:
	chgrp term binary-file
	chmod g+s binary-file
  IF YOU ARE AN ORDINARY USER:
        chmod u+s binary-file

To test the command, try to fork a shell from it and run "id".  If "id"
reports:
   '... egid=16(term) ...' 
then you have a security hole.

Also try to overwrite other people's files, or create files where you
don't have permission.

If you find a security hole, RESET THE PERMISSIONS until you have a chance to
modify the source code and recompile.  A quick hack that will allow the program
to be SUID or SGID but not be shared (like tupload or trsh) is:

    set_share_mode();
    seteuid(getuid());
    setegid(getgid());
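
The seteuid()/setegid() calls above change only the effective IDs; the saved
set-user-ID and set-group-ID stay in place, so code running inside the process
can switch back to them.  The following is an added example, not part of term:
a permanent drop that also verifies the result.  It assumes Linux/glibc for
setresuid()/setresgid(), and the helper names are hypothetical; term's
set_share_mode() is left out so the block compiles on its own.

```c
#define _GNU_SOURCE            /* setresuid()/getresuid() family on Linux/glibc */
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* 1 if the effective IDs differ from the real ones, i.e. the process is
 * currently running with set-user-ID or set-group-ID privilege. */
int has_elevated_ids(void)
{
    return geteuid() != getuid() || getegid() != getgid();
}

/* Give up SUID/SGID privilege for good: real, effective and saved IDs all
 * become those of the invoking user.  Returns 0 on success, -1 on failure;
 * a caller should exit rather than continue on failure. */
int drop_privs_permanently(void)
{
    uid_t old_euid = geteuid(), ruid = getuid(), r, e, s;
    gid_t old_egid = getegid(), rgid = getgid(), gr, ge, gs;

    /* Group first: after the user ID is gone the process may no longer
     * be permitted to change its group IDs. */
    if (setresgid(rgid, rgid, rgid) != 0) return -1;
    if (setresuid(ruid, ruid, ruid) != 0) return -1;

    /* Read all three IDs back instead of trusting the return codes. */
    if (getresgid(&gr, &ge, &gs) != 0 || gr != rgid || ge != rgid || gs != rgid)
        return -1;
    if (getresuid(&r, &e, &s) != 0 || r != ruid || e != ruid || s != ruid)
        return -1;

    /* Regaining the old IDs must now fail (root could always switch back,
     * so the check is skipped when the invoking user is root). */
    if (ruid != 0) {
        if (old_egid != rgid && setegid(old_egid) == 0) return -1;
        if (old_euid != ruid && seteuid(old_euid) == 0) return -1;
    }
    return 0;
}

int main(void)
{
    int before = has_elevated_ids();
    if (drop_privs_permanently() != 0) return 1;
    printf("elevated before=%d after=%d\n", before, has_elevated_ids());
    return 0;
}
```

Installed SUID or SGID, the program should print "before=1 after=0"; a shell
forked after the drop then shows the invoking user's own IDs in "id".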


SAFE COMMANDS TO MAKE SHARED:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

These commands could be made shareable:

  termtelnet		Seems safe so far.
  termncftp     	Use the patched shared ncftp 1.70.
  termfinger		Seems safe so far.
  xtmon			Seems pretty safe.
  termMosaic		Probably a security hole.
  termircII		DON'T SET SHARED GROUP PERMISSIONS!

Note: As always, any ports you redirect will be useable by everyone.
The patched version of ncftp 1.70 is available at:
sunsite.unc.edu:/pub/Linux/apps/comm/termstuff/ncftp1.70-share.tar.gz

