Xref: utzoo comp.lang.c:15538 comp.unix.wizards:14135
Newsgroups: comp.lang.c,comp.unix.wizards
Path: utzoo!henry
From: henry@utzoo.uucp (Henry Spencer)
Subject: Re: spiffy terminals (was: printf, data presentation)
Message-ID: <1989Jan16.023008.28875@utzoo.uucp>
Organization: U of Toronto Zoology
References: <443@marob.MASA.COM> <9287@smoke.BRL.MIL> <9307@smoke.BRL.MIL> <815@ttrde.UUCP> <7055@cdis-1.uucp>
Date: Mon, 16 Jan 89 02:30:08 GMT

In article <7055@cdis-1.uucp> tanner@cdis-1.uucp (Dr. T. Andrews) writes:
>) 630 is programmable.
>
>What this means, in short, is that you can write a program to have
>this terminal send anything you want. Send the proper escape
>sequence to it when someone is su "root", and you've just programmed
>it to send commands to allow unpassworded root access.

If someone else can send arbitrary bytes to your terminal without your
approval, you have bigger problems than programmable terminals. Exploiting
them can be fairly hard, but it *can* be done, especially if the user isn't
too attentive to what's happening on his terminal. What you type is often
a response to what you see.

If you do "su root" and then run programs whose output you cannot trust,
you again have bigger problems than programmable terminals. This time the
exploitation is easy.
--
"God willing, we will return." | Henry Spencer at U of Toronto Zoology
-Eugene Cernan, the Moon, 1972 | uunet!attcan!utzoo!henry henry@zoo.toronto.edu