Printscreen capability? SECURITY HOLE
John Plocher
plocher at uport.UUCP
Thu Aug 11 12:19:23 AEST 1988
In article <510 at sysco> chapman at sco.COM (brian chapman) writes:
>>Is a printscreen capability available in Xenix?
>Yes
>ESC x x x Send screen to host.
> Current screen con-
> tents are sent to the
> application.
Great! Now I (as Joe User) can do:
clear > x
echo chmod all+w /bin/motd > x # or other favorite nastiness
echo "<esc>xxx" > x # see above
clear > x
and whenever root is logged onto the console:
write root < x
This security hole is one reason that many sysadmins don't use terminals
with a "block mode". Adding this to the console driver is a very subtle
way to compromise a system.
-John Plocher
ps. Yes, I know the script above is not exact - let's leave it that way.
More information about the Comp.unix.xenix
mailing list