Terminals are ridiculously insecure
Peter da Silva
peter at ficc.uu.net
Wed Jan 11 01:20:12 AEST 1989
Even with totally fascist hangups, a simple trojan horse that established the
link for the duration of a tty session would be amazingly useful. Since it
would be a sleeper, and could disguise itself, it could run undetected for
months, on and off, until someone wants to spoof root.
No matter what you do, TIOCSTI is a major security hole and should be
eliminated... along with all the terminals that respond to transmit screen/
line/status-line/function-key sequences. I'm totally amazed that such a
capability is in the terminal driver.
And, as I pointed out in my old "Usenet Virus" article, there's really
no long-term protection against a trojan horse.
--
Peter da Silva, Xenix Support, Ferranti International Controls Corporation.
Work: uunet.uu.net!ficc!peter, peter at ficc.uu.net, +1 713 274 5180. `-_-'
Home: bigtex!texbell!sugar!peter, peter at sugar.uu.net. 'U`
Opinions may not represent the policies of FICC or the Xenix Support group.
More information about the Comp.unix.wizards
mailing list