Path: utzoo!utgpu!attcan!uunet!lll-winken!lll-ncis!helios.ee.lbl.gov!pasteur!ucbvax!hplabs!sm.unisys.com!csun!csuna!abcscnuk From: abcscnuk@csuna.UUCP (Naoto Kimura) Newsgroups: comp.unix.questions Subject: Re: Help on control keys Message-ID: <1494@csuna.UUCP> Date: 5 Jan 89 23:44:45 GMT References: <9259@smoke.BRL.MIL> Reply-To: abcscnuk@csuna.UUCP (Naoto Kimura) Organization: California State University, Northridge Lines: 40 In <9259@smoke.BRL.MIL> Doug Gwyn writes: > A few terminals DO have a feature that can be exploited to > accomplish host command execution indirectly, namely "programmable > function keys" combined with "transmit the contents of designated > function key". That is a HORRIBLE security flaw and you should > avoid buying such terminals ... > ... While at UCLA, when some people would try to annoy me by redirecting /usr/games/worms or /usr/games/rain to my terminal. I would retaliate by using a text file designed for the terminal that they using. In the file were the control sequences to: 1) lock the keyboard 2) clear the screen 3) set the terminal to display control characters rather than display them 4) output the string "logout\n" 5) send the transmit line sequence Of course, I could've been cruel and did other things, like execute "rm -rf ~" Other things possible were to append "logout" to their ".cshrc" Or even more fun, put a "chmod u-rwx ~" in their ".login" At times I would put a "chmod o+r `tty`" on their terminal instead of login. Then I would do a "tail -x" on their terminal. Of course, I could've gotten cute and interactively simulate the login process... While I'm at discussing different malicious things that can be done, another one is the file containing the control character to protect the entire screen except for one character at the middle of the screen. Of course it can be made worse by causing the entire screen to be protected. //-n-\\ Naoto Kimura _____---=======---_____ (csun!csuna!abcscnuk) ====____\ /.. ..\ /____==== // ---\__O__/--- \\ Enterprise... Surrender or we'll \_\ /_/ send back your *&^$% tribbles !!