Subject: Re: [rootshell.com] Xterm DoS Attack
From: Michael Jennings (mej VALINUX.COM)
Date: Thu Jun 08 2000 - 15:41:48 CDT
On Tuesday, 06 June 2000, at 10:28:28 (+0100),
Simon Tatham wrote:
> Philosophically, I have a hard time seeing this as a bug in any
> given terminal emulator. There _should_ be a way for a (trusted) app
> running in a terminal emulator to request window size changes and
> other such things; it's very useful.
Absolutely. Disabling the sequence altogether is an improper fix to
the problem. The solution as I implemented it in the newer Eterms was
to limit the resize request based on the screen size. I see very
little point in allowing a terminal window to resize itself larger
than the screen. This was just an arbitrary limit on my part, though;
if you wanted to choose a bit larger than the screen, same
difference. But there should be checks for reasonable values,
especially if you use the larger data types (like a 32- or 64-bit
integer) for the x/y sizes. A 2-billion-by-2-billion terminal window
doesn't make sense for anyone.
> And in the absence of separated control and data streams within a
> terminal session (in which case one could allow `cat' unrestricted
> access to the data stream and it would not be able to DoS by
> injecting malice into the control stream), the whole terminal
> session must be considered to be the control stream, and
> vulnerable. Don't `cat' untrusted files.
Unfortunately, the vulnerability extends well beyond simply "cat".
Theoretically it may be possible as a local user (or even a remote
one?) to cause such strings to be injected into the syslog/messages
file, which many sysadmins keep a running tail on. You've also got to
consider e-mail, which is often read through terminal clients. Then
there's IRC and other chat networks. Talk daemon requests (remember
flash?). Web pages viewed by lynx or other text-based browsers. The
list goes on....
Michael
--
"Some mornings, it's just not worth chewing through the leather straps."
 -- Emo Phillips
=======================================================================
Michael Jennings <mejeterm.org> www.tcserv.com PGP Key ID: BED09971
Software Engineer, VA Linux Systems Author, Eterm (www.eterm.org)
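
The bounds check described in the message above, sketched as an added example; it is not part of the original post and is not Eterm's code. The names `check_resize` and `parse_field`, the "width;height" pixel parameter layout, and the screen dimensions are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

enum resize_result { RESIZE_REJECTED = -1, RESIZE_OK = 0, RESIZE_CLAMPED = 1 };

/* Parse one unsigned decimal field; fail on empty, signed or out-of-range input. */
static int parse_field(const char **p, long *out)
{
    char *end;
    if (**p < '0' || **p > '9')      /* strtol alone would accept "-5" or " 5" */
        return -1;
    errno = 0;
    *out = strtol(*p, &end, 10);
    if (errno == ERANGE)             /* value does not fit in a long */
        return -1;
    *p = end;
    return 0;
}

/* params: "width;height" in pixels, already extracted from the resize
 * request (layout assumed for this example). screen_w/screen_h: display size.
 * On success *w and *h hold a size no larger than the screen. */
enum resize_result check_resize(const char *params, int screen_w, int screen_h,
                                int *w, int *h)
{
    long rw, rh;
    enum resize_result res = RESIZE_OK;

    if (parse_field(&params, &rw) || *params++ != ';' ||
        parse_field(&params, &rh) || *params != '\0')
        return RESIZE_REJECTED;
    if (rw == 0 || rh == 0)          /* a zero-sized window is not reasonable */
        return RESIZE_REJECTED;
    /* Compare as long before narrowing, so a huge request cannot wrap an int. */
    if (rw > screen_w) { rw = screen_w; res = RESIZE_CLAMPED; }
    if (rh > screen_h) { rh = screen_h; res = RESIZE_CLAMPED; }
    *w = (int)rw;
    *h = (int)rh;
    return res;
}

int main(void)
{
    int w = 0, h = 0;
    /* Constructed input: a 2-billion-by-2-billion request on a 1280x1024 screen. */
    enum resize_result r = check_resize("2000000000;2000000000", 1280, 1024, &w, &h);
    printf("result=%d size=%dx%d\n", r, w, h);
    return 0;
}
```

The request is honoured rather than disabled: in-range sizes pass through unchanged, oversized ones are cut down to the screen, and malformed or overflowing values are dropped.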