plocher@uport.UUCP (John Plocher) (08/11/88)
In article <510@sysco> chapman@sco.COM (brian chapman) writes: >>Is a printscreen capability available in Xenix? >Yes >ESC x x x Send screen to host. > Current screen con- > tents are sent to the > application. Great! Now I (as Joe User) can do: clear > x echo chmod all+w /bin/motd > x # or other favorite nastiness echo "<esc>xxx" > x # see above clear > x and whenever root is logged onto the console: write root < x This security hole is one reason that many sysadmins don't use terminals with a "block mode". Adding this to the console driver is a very subtle way to compromise a system. -John Plocher ps. Yes, I know the script above is not exact - let's leave it that way.
ag@elgar.UUCP (Keith Gabryelski) (08/14/88)
In article <414@uport.UUCP> plocher@uport.UUCP (John Plocher) writes: >In article <510@sysco> chapman@sco.COM (brian chapman) writes: >>>Is a printscreen capability available in Xenix? >>Yes >>ESC x x x Send screen to host. > >and whenever root is logged onto the console: > > write root < x > >This security hole is one reason that many sysadmins don't use terminals >with a "block mode". Adding this to the console driver is a very subtle >way to compromise a system. This is one reason why many sysadmins have "mesg n" in their .profile. Piece 'o cake. Pax, Keith Ps, I haven't looked into where in the news code articles get rejected if they have less message then inclusion, but it is going to get ripped out as soon as I have posted this article. -- "If green is all there is to be, then green is good enough for me" - ktf [ Keith ] UUCP: {ucsd, cbosgd!crash, sdcsvax!crash, nosc!crash}!elgar!ag [Gabryelski] INET: ag@elgar.cts.com ARPA: elgar!ag@ucsd.edu