Vulnerability Development mailing list archives
Re: character injecting on linux console
From: "Michael R. Rudel" <mrr () thud pcs k12 mi us>
Date: Sat, 8 Dec 2001 12:57:59 -0500 (EST)
[mrr@thud] [~]-> uname -a
FreeBSD thud.pcs.k12.mi.us 4.3-STABLE FreeBSD 4.3-STABLE #0: Fri Jul 27 15:31:11 EDT 2001 mrr () thud pcs k12 mi us:/usr/src/sys/compile/thud i386
[mrr@thud] [~]-> perl -e 'print "\x9E\x9bc"'
[mrr@thud] [~]-> 62;1;2;6;7;8;9c

The shell on the FreeBSD machine is 2.04.0(1). The results are the same no matter what I change my terminal type to.

Results are the exact same with vt220 on a Linux 2.4.14 using bash 1.4.7. Ditto for the results being the same when the terminal type is changed.

Results are also the same even if I change shells. However, 'sh' on the FreeBSD machines appends '^[[?' to the string. tcsh, csh, zsh all return the same, though.

Michael R. Rudel * mrr () gotclue org * 734.417.4859 * www.gotclue.org
Technician, Pinckney Community Schools * mrr () pcs k12 mi us
Principal Engineer, Michael R. Rudel Consulting * mrr () mrrconsulting net

On Sat, 8 Dec 2001, Doru Petrescu wrote:
Hi everybody,

One strange thing I found while playing with binary files on my terminal: some special sequences are able to inject characters into my terminal input buffer as if I typed them on the keyboard.

On my linux (v2.4.5) TEXT console ($TERM=linux), if I execute:

perl -e 'print "\x9E\x9bc"'

when the shell returns back to my prompt I will find 2 characters in the command line as if I typed them!!! The two of them are: "6c"

So, if I press enter, the shell will complain that it can't find/execute command "6c". Of course I can just erase them, and everything will be OK.

BUT, THE IDEA IS: WHY IS THIS HAPPENING ?!?!?

Imagine this: You receive an email, you open it with your favourite text mail reader (mail/pine/mutt/etc). The mail contains some unpleasant binary garbage that, when the mail program outputs it to the terminal, will trigger something and will INJECT characters into your terminal input buffer, and by doing so INJECTING commands as if YOU typed them from the keyboard. This means that someone could take over your terminal !!! hijacking your shell prompt !!!

However, until now I was only able to inject series of "6c", and I didn't find a way to inject ENTER or something that will trigger the shell to execute the command. More research is needed.

Also this only works on LINUX text CONSOLE, not on Xterm, or something else.

1. Can you guys check if this works on your systems as well? Just execute this cmd:

perl -e 'print "\x9E\x9bc"'

2. Can someone explain to me what is happening? Is this a bug in the kernel code that handles terminal output? Can we make it do something else? (like overwriting memory, etc ...)

Best regards,
------
Doru Petrescu
KappaNet - Senior Software Engineer
E-mail: pdoru () kappa ro
LINUX - the choice of the GNU generation
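
Added example, not part of the original posts: in the mail-reader scenario described above, a viewer can avoid the problem by never sending raw control bytes to the terminal. The Python sketch below flags CSI sequences that ask the terminal to reply (0x9B followed by "c" is a Device Attributes request, whose answer arrives as keyboard input) and escapes control bytes before display; it also covers the 7-bit ESC [ form and Device Status Report, which go beyond the case in the post. The function names and the sample message body are constructed for illustration.

```python
import re

# Constructed sample: the three bytes from the post (0x9E, 0x9B, 'c')
# embedded in an otherwise ordinary message body.
SAMPLE_BODY = b"Hello,\n\x9e\x9bcsee attached.\n"

# CSI is either the 8-bit C1 byte 0x9B or the 7-bit pair ESC [.
# It is followed by parameter bytes (0x30-0x3F), intermediate bytes
# (0x20-0x2F) and one final byte (0x40-0x7E).
CSI_RE = re.compile(
    rb"(?:\x9b|\x1b\[)([\x30-\x3f]*)([\x20-\x2f]*)([\x40-\x7e])"
)

# CSI final bytes that make a terminal write an answer into its input.
REPLY_FINALS = {
    b"c": "device attributes request",
    b"n": "device status report request",
}


def find_reply_requests(data):
    """Return (offset, description) for each CSI sequence soliciting a reply."""
    hits = []
    for m in CSI_RE.finditer(data):
        final = m.group(3)
        # Sequences with intermediate bytes are different functions; skip them.
        if m.group(2) == b"" and final in REPLY_FINALS:
            hits.append((m.start(), REPLY_FINALS[final]))
    return hits


def sanitize_for_terminal(data):
    """Render untrusted bytes so that no control byte reaches the terminal.

    Printable ASCII, newline and tab pass through. Everything else (C0
    controls including ESC, DEL, and all bytes >= 0x80, which covers the
    C1 range) is shown as a visible \\xNN escape. Assumption: the input is
    handled as raw bytes; a UTF-8 aware viewer would decode first and then
    escape U+0080-U+009F instead.
    """
    out = []
    for b in data:
        if b in (0x09, 0x0A) or 0x20 <= b <= 0x7E:
            out.append(chr(b))
        else:
            out.append("\\x%02x" % b)
    return "".join(out)


if __name__ == "__main__":
    print(find_reply_requests(SAMPLE_BODY))
    print(sanitize_for_terminal(SAMPLE_BODY), end="")
```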