'stty', 'write', 'mail', 'readnews', et al.

Tom Kelly tom at hcrvx1.UUCP
Sat Sep 8 01:03:20 AEST 1984


It's a general problem on any terminal that has a "transmit" screen
capability.  You don't have to use Mail or News; put the control sequence in
a man page, or a README file.  Anyone who looks at it executes your
trojan horse.

A very similar serious problem arose under another operating system with
which I am familiar.  It was possible to send a message to the operator's
console that contained these control characters.  Since the console was
always privileged, it was an easy way to give your account super-user
capabilities.  After it was discovered, the operating system was changed
to filter all messages to the console and remove certain control characters.

The program that controlled your terminal was also modified to filter these
out so you couldn't send them to another user via the equivalent of
write(1).

This experience led me to conclude that I would just as soon not use
a terminal that had "transmit screen" ability, unless I could turn it
off.

Tom Kelly  (416) 922-1937
{utzoo, ihnp4, decvax}!hcr!hcrvx1!tom
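
The filtering described in the post above (stripping control characters from text before it reaches a console or another user's terminal), sketched as an added example; it is not part of the original post or of either system it mentions. The function name, the caret-notation policy, and the single-byte character set are assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example. Rewrites terminal control bytes in untrusted text as
 * visible caret notation so the receiving terminal never interprets them.
 * Assumed policy: keep '\n' and '\t'; assume a single-byte character set
 * (a UTF-8 terminal would need decoding before the C1 check). */
size_t sanitize_for_tty(const unsigned char *in, size_t n,
                        char *out, size_t outsz)
{
    size_t o = 0;
    if (outsz == 0)
        return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = in[i];
        char tmp[4];
        size_t len = 1;
        if (c == '\n' || c == '\t' || (c >= 0x20 && c < 0x7f) || c >= 0xa0) {
            tmp[0] = (char)c;                     /* harmless: copy as is */
        } else if (c < 0x20) {                    /* C0: ESC -> ^[, BEL -> ^G */
            tmp[0] = '^'; tmp[1] = (char)(c + 0x40); len = 2;
        } else if (c == 0x7f) {                   /* DEL -> ^? */
            tmp[0] = '^'; tmp[1] = '?'; len = 2;
        } else {                                  /* C1 (0x80-0x9f), e.g. 8-bit CSI */
            tmp[0] = 'M'; tmp[1] = '-'; tmp[2] = '^';
            tmp[3] = (char)(c - 0x40); len = 4;
        }
        if (o + len >= outsz)                     /* keep room for NUL and */
            break;                                /* never emit half an escape */
        memcpy(out + o, tmp, len);
        o += len;
    }
    out[o] = '\0';
    return o;
}

int main(void)
{
    /* Constructed sample: a message carrying a clear-screen sequence and a bell. */
    const unsigned char msg[] = "lunch?\x1b[2J\x07\n";
    char safe[64];
    sanitize_for_tty(msg, sizeof msg - 1, safe, sizeof safe);
    fputs(safe, stdout);
    return 0;
}
```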


