Date: Sun, 13 Sep 1998 12:56:16 +0200 From: Mark Murray <mark@grondar.za> To: Stefan Eggers <seggers@semyam.dinoco.de> Cc: andrew@squiz.co.nz, Jay Tribick <netadmin@fastnet.co.uk>, freebsd-security@FreeBSD.ORG Subject: Re: Err.. cat exploit.. (!) Message-ID: <199809131056.MAA15702@gratis.grondar.za> In-Reply-To: Your message of " Sun, 13 Sep 1998 11:32:39 %2B0200." <199809130932.LAA02989@semyam.dinoco.de> References: <199809130932.LAA02989@semyam.dinoco.de>
next in thread | previous in thread | raw e-mail | index | archive | help
Stefan Eggers wrote: > As I understand it these actions are meant for use in X resources to > bind keys to certain actions. So if one makes sure that the resources > are only loaded with user specified ones (as Xsession - which is used > by xdm - seems to do if one doesn't have an ~/.xsession) and the X > server disallows all accesses to other users only oneself can have set > these. Or do I misunderstand something here? You misunderstand the terminal model. _MOST_ modern terminals have the ability to allow an escape-sequence to modify either the "report-back" string, any keystroke, or certain keystrokes to send a (attacker-chosen) string. Clever attackers have used this in the past to get the terminal to send hostile commands back to the host system. X server is not involved in the _general_ model, nor is the OS. Can we put this to sleep now? M -- Mark Murray Join the anti-SPAM movement: http://www.cauce.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199809131056.MAA15702>