Bugtraq mailing list archives
Re: Fwd: Re: Splitvt exploit
From: thomas () SUSE DE (Thomas Biege)
Date: Tue, 20 Jun 2000 08:36:11 +0200
Hi,
splitvt isn't installed setuid on SuSE Linux.

So how does it work? If it's not setuid, and has not been patched to use devpts, it has no way of chowning the ttys it uses. That means that when you run splitvt, you are typing into a shell that is connected to a tty that is (typically) mode:

crw-rw-rw- 1 root tty 3, 176 Jun 14 14:53 /dev/ttya0

Thus, third parties can, e.g., write escape sequences to the terminal, and possibly remap keystrokes to do evil things. And they can certainly capture your keystrokes to that terminal.

Yes, you're right. We're currently testing splitvt with the /dev/pts stuff.... thanks for that hint.

Bye,
Thomas
--
Thomas Biege, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg
E@mail: thomas () suse de  Function: Security Support & Auditing
"lynx -source http://www.suse.de/~thomas/thomas.pgp | pgp -fka"
Key fingerprint = 09 48 F2 FD 81 F7 E7 98 6D C7 36 F1 96 6A 12 47
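
An audit check for the exposure discussed in this message, added here as an example (not code from the thread or from splitvt): it decodes the `ls -l` mode quoted above and reports which of the named risks apply to a terminal device. The function names and the session UID 1000 are assumptions, and mode 0620 owned by the session user is taken as the expected state of a properly chowned terminal.

```python
import os
import stat
import sys

_TYPES = {"c": stat.S_IFCHR, "b": stat.S_IFBLK, "d": stat.S_IFDIR, "-": stat.S_IFREG}


def mode_from_ls(perm):
    """Convert an `ls -l` permission string such as 'crw-rw-rw-' to an st_mode value.
    Simplification: setuid/setgid/sticky letters are counted as plain permission bits."""
    if len(perm) < 10 or perm[0] not in _TYPES:
        raise ValueError("unrecognised permission string: %r" % perm)
    mode = _TYPES[perm[0]]
    for i, ch in enumerate(perm[1:10]):
        if ch != "-":
            mode |= 1 << (8 - i)  # leftmost letter is owner-read (0o400)
    return mode


def tty_risks(st_mode, st_uid, session_uid):
    """Return findings for a terminal device; an empty list means nothing was flagged."""
    if not stat.S_ISCHR(st_mode):
        return ["not a character device"]
    findings = []
    if st_uid != session_uid:
        findings.append("not owned by the session user (tty was never chowned)")
    if st_mode & stat.S_IWOTH:
        findings.append("world-writable: other users can write escape sequences")
    if st_mode & (stat.S_IROTH | stat.S_IRGRP):
        findings.append("readable by group/other: keystrokes can be captured")
    return findings


def audit_fd(fd=0):
    """Audit the terminal behind an open descriptor; None if it is not a tty."""
    if not os.isatty(fd):
        return None
    st = os.fstat(fd)
    return tty_risks(st.st_mode, st.st_uid, os.getuid())


if __name__ == "__main__":
    # Mode and owner (root, uid 0) from the ls line in the mail; uid 1000 is constructed.
    print("/dev/ttya0:", tty_risks(mode_from_ls("crw-rw-rw-"), 0, 1000))
    print("this terminal:", audit_fd(sys.stdin.fileno()))
```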
Current thread:
- Re: Splitvt exploit Thomas Biege (Jun 15)
- Re: Splitvt exploit Joey Hess (Jun 15)
- <Possible follow-ups>
- Re: Fwd: Re: Splitvt exploit Thomas Biege (Jun 19)