From owner-freebsd-security Sun Sep 13 03:57:44 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id DAA16461 for freebsd-security-outgoing; Sun, 13 Sep 1998 03:57:44 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from gratis.grondar.za (gratis.grondar.za [196.7.18.65]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id DAA16452 for ; Sun, 13 Sep 1998 03:57:38 -0700 (PDT) (envelope-from mark@grondar.za)
Received: from grondar.za (localhost [127.0.0.1]) by gratis.grondar.za (8.9.1/8.9.1) with ESMTP id MAA15702; Sun, 13 Sep 1998 12:56:21 +0200 (SAST) (envelope-from mark@grondar.za)
Message-Id: <199809131056.MAA15702@gratis.grondar.za>
To: Stefan Eggers
cc: andrew@squiz.co.nz, Jay Tribick, freebsd-security@FreeBSD.ORG
Subject: Re: Err.. cat exploit.. (!)
In-Reply-To: Your message of "Sun, 13 Sep 1998 11:32:39 +0200." <199809130932.LAA02989@semyam.dinoco.de>
References: <199809130932.LAA02989@semyam.dinoco.de>
Date: Sun, 13 Sep 1998 12:56:16 +0200
From: Mark Murray
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Stefan Eggers wrote:
> As I understand it these actions are meant for use in X resources to
> bind keys to certain actions. So if one makes sure that the resources
> are only loaded with user specified ones (as Xsession - which is used
> by xdm - seems to do if one doesn't have an ~/.xsession) and the X
> server disallows all accesses to other users only oneself can have set
> these. Or do I misunderstand something here?

You misunderstand the terminal model. _MOST_ modern terminals have the
ability to allow an escape-sequence to modify either the "report-back"
string, any keystroke, or certain keystrokes to send an (attacker-chosen)
string. Clever attackers have used this in the past to get the terminal
to send hostile commands back to the host system.

X server is not involved in the _general_ model, nor is the OS.

Can we put this to sleep now?
M
--
Mark Murray
Join the anti-SPAM movement: http://www.cauce.org
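The mitigation Mark's terminal model implies is to never let untrusted bytes reach the terminal uninterpreted: render control characters visibly (the way `cat -v` does) so an ESC or 8-bit CSI byte in a file cannot start a sequence that reprograms the answerback string or a key. The following is an added example written for this archive page, not code from the thread or from FreeBSD; the `sanitize_for_terminal` and `contains_control_sequences` names and the sample input are constructed for illustration, and the sequence bodies in the sample are arbitrary placeholders rather than any real terminal command.

```python
"""Render untrusted text safely for terminal display, in the style of
`cat -v`: every C0/C1 control byte becomes visible caret/M- notation so
the terminal never interprets it.  Added example; not from the thread."""

ESC = 0x1B   # 7-bit escape introducer
CSI8 = 0x9B  # 8-bit control sequence introducer (C1)

KEEP = (0x0A, 0x09)  # newline and tab are layout, not commands; keep them


def sanitize_for_terminal(data: bytes) -> str:
    """Return a printable rendering of *data*.

    Printable ASCII passes through unchanged, newline/tab are preserved,
    C0 controls become ^X, DEL becomes ^?, and bytes with the high bit set
    (including 8-bit C1 controls such as 0x9B) become M-... notation.
    """
    out = []
    for b in data:
        if b in KEEP or 0x20 <= b < 0x7F:
            out.append(chr(b))
        elif b < 0x20:                      # C0 control -> ^X
            out.append("^" + chr(b + 0x40))
        elif b == 0x7F:                     # DEL
            out.append("^?")
        else:                               # high bit set
            low = b & 0x7F
            if low < 0x20:                  # C1 control -> M-^X
                out.append("M-^" + chr(low + 0x40))
            elif low == 0x7F:
                out.append("M-^?")
            else:                           # high-bit printable -> M-x
                out.append("M-" + chr(low))
    return "".join(out)


def contains_control_sequences(data: bytes) -> bool:
    """Detection helper: True if any byte could start or form part of a
    terminal escape/control sequence (ESC, any C0 other than newline,
    tab and CR, or any 8-bit C1 control byte 0x80..0x9F)."""
    for b in data:
        if b == ESC or b == CSI8:
            return True
        if b < 0x20 and b not in (0x0A, 0x09, 0x0D):
            return True
        if 0x80 <= b <= 0x9F:
            return True
    return False


# Constructed sample: an innocent-looking file carrying an ESC-introduced
# sequence and an 8-bit CSI byte.  The bytes after the introducers are
# placeholders chosen for the example, not a real reprogramming sequence.
SAMPLE = b"hello\x1b[31mworld\x9bXYZ\n"

if __name__ == "__main__":
    if contains_control_sequences(SAMPLE):
        print("control bytes found; displaying sanitized form:")
    print(sanitize_for_terminal(SAMPLE), end="")
```

Run on the constructed sample, the ESC byte is shown as `^[` and the 8-bit CSI as `M-^[`, so what reaches the terminal is plain text it will echo rather than interpret. The detection helper is the check a log viewer or file-serving tool can apply before deciding whether raw output is safe.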