Slaying Gould dragon with a wooden
Doug Gwyn
gwyn at brl-smoke.ARPA
Fri Nov 7 13:29:19 AEST 1986

In article <2481 at phri.UUCP> roy at phri.UUCP (Roy Smith) writes:
> Maybe I'm missing something obvious, but why are block-mode
> terminals a security problem?

Actually, this applies to any terminal that can be told by the host
to store characters and then be told by the host to transmit stored
characters. Programmable function keys sometimes have this property.
The problem is that these features allow anyone who can transmit
more-or-less unmolested information to the terminal to force-feed
input from that terminal, which so far as UNIX knows was typed by
the logged-in user. This can be protected against to some degree
by changing the "write" utility, mail-reading interface, etc. to
not send ESC and other possibly harmful characters unmapped to the
terminal. However, "cat file" can still trip a mine like this.
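
One way to implement the output filtering described above for a `write`-style utility, shown as an added example that is not part of the original post: control bytes are mapped to visible caret notation before they reach the terminal. The function name `term_sanitize`, the `cat -v` style mapping, and the 7-bit ASCII assumption are choices made for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Render in[0..n) in a terminal-safe form, in the style of `cat -v`:
 * printable ASCII, newline and tab pass through; other control bytes
 * become ^X (ESC -> ^[, DEL -> ^?); bytes with the high bit set become
 * M-x or M-^X, which also covers 8-bit controls such as 0x9b.
 * Assumption: 7-bit ASCII text, so UTF-8 input is shown as M- pairs.
 * Returns the output length, or (size_t)-1 if out (cap bytes) is too small. */
size_t term_sanitize(const unsigned char *in, size_t n, char *out, size_t cap)
{
    size_t o = 0;
    if (cap == 0)
        return (size_t)-1;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = in[i];
        int high = c & 0x80;
        char buf[4];
        size_t len = 0;
        if (high) {                      /* mark, then fold to 7 bits */
            buf[len++] = 'M';
            buf[len++] = '-';
            c &= 0x7f;
        }
        if (c >= 0x20 && c < 0x7f) {
            buf[len++] = (char)c;        /* printable: unchanged */
        } else if (!high && (c == '\n' || c == '\t')) {
            buf[len++] = (char)c;        /* harmless layout characters */
        } else {
            buf[len++] = '^';            /* control byte: make it visible */
            buf[len++] = (char)(c ^ 0x40);
        }
        if (o + len >= cap)              /* keep room for the NUL */
            return (size_t)-1;
        memcpy(out + o, buf, len);
        o += len;
    }
    out[o] = '\0';
    return o;
}

int main(void)
{
    /* Constructed sample: a message carrying an ESC sequence and a CR. */
    const unsigned char msg[] = "lunch?\x1b[1m now\r\n";
    char out[64];
    if (term_sanitize(msg, sizeof msg - 1, out, sizeof out) != (size_t)-1)
        fputs(out, stdout);
    return 0;
}
```

A filter like this only covers programs that route their output through it; a raw "cat file" bypasses it, as the post notes.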