oss-sec mailing list archives
/dev/ptmx timing
From: vladz <vladz () devzero fr>
Date: Mon, 7 Jan 2013 23:23:49 +0100
Hi list, I noticed that it was possible to measure inter-keystrokes timing thanks to the /dev/ptmx character device. Any local user that is using pseudo-terminal can be targeted. As it may also be used to disclose sensible information such as password length, I was wondering if it should be treat as a security issue? Description + PoC: http://vladz.devzero.fr/013_ptmx-timing.php. No sure right now but I think the only way to solve this is to modify the pts handling at kernel level. Any opinions on that? Thanks, vladz.
Current thread:
- /dev/ptmx timing vladz (Jan 07)
- Re: /dev/ptmx timing adam swanda (Jan 07)
- Re: /dev/ptmx timing Dmitry V. Levin (Jan 07)
- Re: /dev/ptmx timing Vasily Kulikov (Jan 07)
- Re: /dev/ptmx timing Dmitry V. Levin (Jan 07)
- Re: /dev/ptmx timing Kurt Seifried (Jan 07)
- Re: /dev/ptmx timing adam swanda (Jan 07)