From owner-freebsd-security Thu Sep 10 16:28:18 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id QAA25388 for freebsd-security-outgoing; Thu, 10 Sep 1998 16:28:18 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from aniwa.sky (pppk-05.igrin.co.nz [202.49.245.84]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id QAA25379 for ; Thu, 10 Sep 1998 16:28:14 -0700 (PDT) (envelope-from andrew@squiz.co.nz) Received: from localhost (andrew@localhost) by aniwa.sky (8.8.7/8.8.7) with SMTP id LAA06172 for ; Fri, 11 Sep 1998 11:28:01 +1200 (NZST) (envelope-from andrew@squiz.co.nz) Date: Fri, 11 Sep 1998 11:28:01 +1200 (NZST) From: Andrew McNaughton X-Sender: andrew@aniwa.sky Reply-To: andrew@squiz.co.nz To: security@FreeBSD.ORG Subject: Re: terminal escape exploit (was Re: cat exploit) In-Reply-To: <19980910180956.A2858@mcs.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, 10 Sep 1998, Karl Denninger wrote: > The problem is TERMINALS. > > You can't bitch that an EMULATOR does exactly what it is claimed to do - > emulate the REAL DEVICE. > > This "exploit" is so old its crusty; it is quite possible to do this on a > VT-52 (yes, a real Vt-52, you know those terminals that weighed about 100 > lbs, had a dinky little screen, were made by DEC and haven't been seen in > some 15 years? Yes, those.) Ok, so the origins are old. It's not an old problem in the sense that it's with us now and still needs fixing. I presume if it hasn't been then there's enough software that uses this 'feature' that it's awkward to throw it out.Could someone explain why this functionality is needed? Andrew To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message