character injecting on linux console

[Doru Petrescu <pdoru () kappa ro>]

Hi everybody,

One strange thing I found while playing with binary files on my terminal:
some special sequences are able to inject characters into my terminal
input buffer as if I typed them on the keyboard.

on my linux (v2.4.5) TEXT console ($TERM=linux), if I execute:
  perl -e 'print "\x9E\x9bc"'

when the shell returns back to my prompt I will find 2 characters in the
command line as I typed them!!! the two of them are: "6c"

So, if I press enter, the shell will complain that can't find/execute
command "6c". Of cource I can just erase them, and everything will by OK.

BUT, THE IDEA IS: WHY IS THIS HAPPENING ?!?!?

Imagine this: You receive an email, you open it with your favourite text
mail reader (mail/pine/mutt/etc). the mail contains some unpleasent binary
garbage that when the mail program output them to the terminal will
trigger something and will INJECT characters into your terminal
input buffer, and by doing so INJECTING commands as if YOU typed them
from the keyboard. this means that someone could take over your terminal
!!! hijacking your shell prompt !!!


However, untill now I was only able to inject series of "6c", and I didn't
found a way to inject ENTER or something that will trigger the shell to
execute the command. more researchis needed.
Also this only work on LINUX text CONSOLE. not on Xterm, or something else.

1. Can you guys check if this works on your systems as well ?
just execute this cmd: perl -e 'print "\x9E\x9bc"'

2. Can someone explain to me what is happening ?
is this a bug in the kernel code that handles terminal output ? can we
make it do something else ? (like overwriting memory, etc ...)


Best regards,
------
Doru Petrescu
KappaNet - Senior Software Engineer
E-mail: pdoru () kappa ro                LINUX - the choice of the GNU generation