Subject: Re: Fwd: Re: Splitvt exploit
From: Thomas Biege (thomasSUSE.DE)
Date: Tue Jun 20 2000 - 01:36:11 CDT
> > splitvt isn't installed setuid on SuSE Linux.
> So how does it work?
> If it's not setuid, and has not been patched to use devpts, it has no
> way of chowning the tty's it uses. That means that when you run splitvt,
> you are typing into a shell that is connected to a tty that is
> (typically) mode:
> crw-rw-rw- 1 root tty 3, 176 Jun 14 14:53 /dev/ttya0
> Thus, third parties can, e.g., write escape sequences to the terminal, and
> possibly remap keystrokes to do evil things. And they can certainly
> capture your keystrokes to that terminal.
Yes, you're right.
We're currently testing splitvt with the /dev/pts stuff.... thanks for
--
Thomas Biege, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg
Email: thomassuse.de    Function: Security Support & Auditing
"lynx -source http://www.suse.de/~thomas/thomas.pgp | pgp -fka"
Key fingerprint = 09 48 F2 FD 81 F7 E7 98 6D C7 36 F1 96 6A 12 47
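
The tty exposure discussed in this thread can be audited from a device listing. The following is an added example, not part of the original message or of splitvt: it flags terminal devices that are world-readable, world-writable, or not owned by the session user. The user name "alice" and the two /dev/pts lines are constructed for illustration.

```python
import os
import stat

# Constructed sample: the first line is the listing quoted in the message,
# the other two are made-up devpts-style entries for comparison.
SAMPLE_LS = """\
crw-rw-rw- 1 root tty 3, 176 Jun 14 14:53 /dev/ttya0
crw--w---- 1 alice tty 136, 2 Jun 14 14:55 /dev/pts/2
crw------- 1 alice tty 136, 3 Jun 14 14:56 /dev/pts/3
"""

def check_tty(perms, owner, session_user):
    """Return the ways a tty with these `ls -l` permissions is exposed."""
    problems = []
    if perms[7] == "r":   # "other" read bit: third parties can read the device
        problems.append("world-readable")
    if perms[8] == "w":   # "other" write bit: third parties can write to it
        problems.append("world-writable")
    if owner != session_user:  # device was never chowned to the user
        problems.append("not owned by session user")
    return problems

def audit_listing(text, session_user):
    """Map device path -> problems for every character device in the listing."""
    report = {}
    for line in text.splitlines():
        fields = line.split()
        # Character devices print "major, minor" in place of a size: 10 fields.
        if len(fields) != 10 or len(fields[0]) < 10 or fields[0][0] != "c":
            continue
        report[fields[9]] = check_tty(fields[0], fields[2], session_user)
    return report

def audit_stdin_tty():
    """Apply the same check to the terminal on stdin, or None if not a tty."""
    if not os.isatty(0):
        return None
    st = os.fstat(0)
    return check_tty(stat.filemode(st.st_mode), st.st_uid, os.getuid())

if __name__ == "__main__":
    for path, problems in audit_listing(SAMPLE_LS, "alice").items():
        print(path, ", ".join(problems) or "ok")
    print("stdin tty:", audit_stdin_tty())
```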