Subject: Re: Fwd: Re: Splitvt exploit
From: Thomas Biege (thomasSUSE.DE)
Date: Tue Jun 20 2000 - 01:36:11 CDT


Hi,

> > splitvt isn't installed setuid on SuSE Linux.
>
> So how does it work?
>
> If it's not setuid, and has not been patched to use devpts, it has no
> way of chowning the tty's it uses. That means that when you run splitvt,
> you are typing into a shell that is connected to a tty that is
> (typically) mode:
>
> crw-rw-rw- 1 root tty 3, 176 Jun 14 14:53 /dev/ttya0
>
> Thus, third parties can e.g. write escape sequences to the terminal, and
> possibly remap keystrokes to do evil things. And they can certainly
> capture your keystrokes to that terminal.

Yes, you're right.

We're currently testing splitvt with the /dev/pts stuff.... thanks for
that hint.

Bye,
     Thomas

--
  Thomas Biege, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg
  Email: thomassuse.de      Function: Security Support & Auditing
  "lynx -source http://www.suse.de/~thomas/thomas.pgp | pgp -fka"
   Key fingerprint = 09 48 F2 FD 81 F7 E7 98  6D C7 36 F1 96 6A 12 47