spiffy terminals (was: printf, data presentation)
Henry Spencer
henry at utzoo.uucp
Mon Jan 16 12:30:08 AEST 1989
In article <7055 at cdis-1.uucp> tanner at cdis-1.uucp (Dr. T. Andrews) writes:
>) 630 is programmable.
>
>What this means, in short, is that you can write a program to have
>this terminal send anything you want. Send the proper escape
>sequence to it when someone is su "root", and you've just programmed
>it to send commands to allow unpassworded root access.
If someone else can send arbitrary bytes to your terminal without your
approval, you have bigger problems than programmable terminals. Exploiting
them can be fairly hard, but it *can* be done, especially if the user isn't
too attentive to what's happening on his terminal. What you type is
often a response to what you see.

If you do "su root" and then run programs whose output you cannot trust,
you again have bigger problems than programmable terminals. This time
the exploitation is easy.
--
"God willing, we will return." | Henry Spencer at U of Toronto Zoology
-Eugene Cernan, the Moon, 1972 | uunet!attcan!utzoo!henry henry at zoo.toronto.edu
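
The defensive side of the point about output you cannot trust, as an added example that is not part of the original post: a filter that renders every byte a terminal could act on as visible text before it is displayed. The function name `sanitize_for_terminal` and the sample input are constructed for illustration; escaping every byte of 0x80 and above is a conservative assumption that covers the 8-bit C1 controls but also escapes UTF-8 text.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Copy untrusted bytes into out, replacing anything a terminal could
 * interpret as a command with visible "\xNN" text. Returns the number
 * of bytes neutralised, or -1 if out is too small. out is always
 * NUL-terminated when outcap > 0. */
long sanitize_for_terminal(const unsigned char *in, size_t n,
                           char *out, size_t outcap)
{
    size_t o = 0;
    long neutralised = 0;

    if (outcap == 0)
        return -1;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = in[i];
        int safe = (c >= 0x20 && c < 0x7f) || c == '\n' || c == '\t';
        size_t need = safe ? 1 : 4;          /* "\xNN" is four bytes */

        if (o + need >= outcap) {            /* keep room for the NUL */
            out[o] = '\0';
            return -1;
        }
        if (safe) {
            out[o++] = (char)c;
        } else {
            /* ESC, other C0 controls (CR included), DEL, and all bytes
             * >= 0x80, which covers 8-bit C1 controls such as 0x9b. */
            snprintf(out + o, 5, "\\x%02x", c);
            o += 4;
            neutralised++;
        }
    }
    out[o] = '\0';
    return neutralised;
}

int main(void)
{
    /* Constructed sample: ordinary text with an embedded escape sequence. */
    static const unsigned char sample[] = "total 0\n\033[2Jdone\r\n";
    char buf[128];
    long n = sanitize_for_terminal(sample, sizeof sample - 1, buf, sizeof buf);
    printf("%s(%ld bytes neutralised)\n", buf, n);
    return 0;
}
```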