|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: Splitvt exploit
From: Joey Hess (joey
KITENET.NET)Date: Thu Jun 15 2000 - 18:49:01 CDT
- Next message: Martin K. Petersen: "Re: xfs + gdm allow DoS of console"
- Previous message: Ussr Labs: "Remote DoS Attack in Small HTTP Server ver. 1.212 Vulnerability"
- In reply to: Thomas Biege: "Re: Splitvt exploit"
- Next in thread: Kris Kennaway: "Re: Splitvt exploit"
- Reply: Joey Hess: "Re: Splitvt exploit"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Thomas Biege wrote:
> splitvt isn't installed setuid on SuSE Linux.
So how does it work?
If it's not setuid, and has not been patched to use devpts, it has no
way of chowning the tty's it uses. That means that when you run splitvt,
you are typing into a shell that is connected to a tty that is
(typically) mode:
crw-rw-rw- 1 root tty 3, 176 Jun 14 14:53 /dev/ttya0
Thus, third parties can eg, write escape sequences to the terminal, and
possibly remap keystrokes to do evil things. And they can certianly
capture your keystokes to that terminal.
-- see shy jo
- Next message: Martin K. Petersen: "Re: xfs + gdm allow DoS of console"
- Previous message: Ussr Labs: "Remote DoS Attack in Small HTTP Server ver. 1.212 Vulnerability"
- In reply to: Thomas Biege: "Re: Splitvt exploit"
- Next in thread: Kris Kennaway: "Re: Splitvt exploit"
- Reply: Joey Hess: "Re: Splitvt exploit"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]