Re: Eterm & others allow arbitrary command execution via escape sequences [Was: CAN-2003-0020?]

On Mon, 19 Apr 2004, Jan Minar wrote:

> On Mon, Apr 19, 2004 at 11:18:41AM -0700, Matt Zimmerman wrote:
> > On Mon, Apr 19, 2004 at 07:51:27PM +0200, Jan Minar wrote:
> > > Come on, Matt: Virtually all terminal emulators are vulnerable, and the
> > > vulnerability is common knowledge. The abovementioned paper was on
> > > Bugtraq 2003-02-24 21:02:52... Is the Security Team going to do
> > > something about it themselves (filing RC bugs at least)?
> >
> > You are part of a community, not somebody purchasing a service. Take
> > some initiative and contribute.
>
> And as a part of this community, I am saying right now: We have a big
> problem, and the problem is we don't deal with security issues known for
> decades, while happily convincing newcomers our system is fairly secure.
> It's not.

Since you are part of the community, do something to fix the problem,
instead of just whining about it. Contributing some work will buy you the
right to criticise other people's hard work; until then please point out
bugs (which is useful) but otherwise please keep your flames to yourself
and shut up.

bye
Giacomo

--
Giacomo Mulas [EMAIL PROTECTED]
OSSERVATORIO ASTRONOMICO DI CAGLIARI
Str. 54, Loc. Poggio dei Pini * 09012 Capoterra (CA)
Tel. (OAC): +39 070 71180 248   Fax: +39 070 71180 222
Tel. (UNICA): +39 070 675 4916
When the storms are raging around you, stay right where you are (Freddy Mercury)
Eterm & others allow arbitrary command execution via escape sequences [Was: CAN-2003-0020?]

On Sun, Apr 18, 2004 at 11:58:21AM -0700, Matt Zimmerman wrote:
> untrusted source. This is a fundamental Unix feature (or flaw). Terminal
> control sequences may be contained in the data.

I've read this [1] analysis by H D Moore. No matter how convenient the
escape sequences that allow injecting arbitrary data as if typed by the
user might be, they should go, and they should go now.

[1] http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2

I will add a few remarks to the abovementioned paper:

(1) It's possible to covertly inject arbitrary commands into a shell
    command line, by switching the echoing of typed characters off and on,
    letting the user press Ret him-/herself.

(2) There are many applications that allow bang-shell-escape, where Ret is
    used e.g. for scrolling (less(1), mutt(1)). Although the dangerous
    escape sequences might be filtered out [by default], this can be turned
    off -- and there *are* no warning signs.

(3) There probably is a way of abusing e.g. the readline(3) macro ability,
    obviating the need for Ret to be included in the payload; in some
    environments, some ordinary ASCII character might even be mapped to Ret
    by default.

(4) This is a failure to separate the security domains cleanly, by allowing
    the intruder to type things with the terminal owner's privileges. It
    breaks the security scheme very deeply, and exactly because of this,
    ``nobody'' would expect it.

(5) Many observations made about MS Outlook & friends, e.g. wrt the
    click-me virii, apply. But this is even worse than Windows: here any
    and every file may contain executable code, any and every file may
    carry a `virus'.

Looking forward to your comments.

Cheers,
Jan.
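Added example, not part of the thread and not code from Eterm or any other emulator named in it: the defensive counterpart to the remarks above is to never hand untrusted bytes (a log file, a mail body, a downloaded text file) to a terminal unfiltered. The filter below recognises escape sequences by the ECMA-48 byte ranges (CSI, OSC, other ESC sequences) plus stray C0 control bytes, renders each one in caret notation so the terminal displays it instead of acting on it, and reports what it defused so a log viewer can flag the input; the function names are my own.

```python
from __future__ import annotations

ESC, BEL = 0x1B, 0x07
CSI_INTRO, OSC_INTRO, ST_FINAL = ord("["), ord("]"), ord("\\")
SAFE_C0 = {0x09, 0x0A, 0x0D}  # TAB, LF, CR are harmless formatting; pass through


def _caret(b: int) -> bytes:
    """Render one byte in caret notation (ESC -> ^[, BEL -> ^G, DEL -> ^?);
    printable bytes come back unchanged. Same convention as cat -v."""
    if b < 0x20:
        return b"^" + bytes([b ^ 0x40])
    if b == 0x7F:
        return b"^?"
    return bytes([b])


def _csi_end(data: bytes, i: int) -> int:
    """Index just past the CSI sequence starting at data[i] (ESC '[').
    ECMA-48: parameter bytes 0x30-0x3F, then intermediates 0x20-0x2F, then
    one final byte 0x40-0x7E. A truncated sequence ends where the data does."""
    j = i + 2
    while j < len(data) and 0x30 <= data[j] <= 0x3F:
        j += 1
    while j < len(data) and 0x20 <= data[j] <= 0x2F:
        j += 1
    if j < len(data) and 0x40 <= data[j] <= 0x7E:
        j += 1
    return j


def _osc_end(data: bytes, i: int) -> int:
    """Index just past the OSC sequence starting at data[i] (ESC ']'),
    which runs until BEL or the string terminator ESC '\\'."""
    j = i + 2
    while j < len(data):
        if data[j] == BEL:
            return j + 1
        if data[j] == ESC and j + 1 < len(data) and data[j + 1] == ST_FINAL:
            return j + 2
        j += 1
    return j


def neutralise(data: bytes) -> tuple[bytes, list[str]]:
    """Return (display-safe bytes, list of defused sequences).

    Every escape sequence and stray control byte is shown in caret notation,
    so the terminal prints it rather than interprets it, and is recorded so
    the caller can log or alert on terminal control data in untrusted input."""
    out = bytearray()
    findings: list[str] = []
    i = 0
    while i < len(data):
        b = data[i]
        if b == ESC and i + 1 < len(data):
            if data[i + 1] == CSI_INTRO:
                end, kind = _csi_end(data, i), "CSI"
            elif data[i + 1] == OSC_INTRO:
                end, kind = _osc_end(data, i), "OSC"
            else:  # ESC + intermediates + one final byte, e.g. ESC c or ESC ( B
                end, kind = i + 2, "ESC"
                while end < len(data) and 0x20 <= data[end - 1] <= 0x2F:
                    end += 1
            seq = data[i:end]
            findings.append(f"{kind} {seq!r}")
            out += b"".join(_caret(c) for c in seq)
            i = end
        elif (b < 0x20 and b not in SAFE_C0) or b == 0x7F:
            findings.append(f"C0 {bytes([b])!r}")  # also a lone trailing ESC
            out += _caret(b)
            i += 1
        else:
            out.append(b)
            i += 1
    return bytes(out), findings
```

Run on the console-switch sequence quoted later in this thread, `neutralise(b"\x1b[12;63]")` yields the visible text `^[[12;63]` and one CSI finding, so a viewer built on it shows the sequence instead of obeying it.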
Re: Eterm & others allow arbitrary command execution via escape sequences [Was: CAN-2003-0020?]

On Mon, Apr 19, 2004 at 06:08:51PM +0200, Jan Minar wrote:
> On Sun, Apr 18, 2004 at 11:58:21AM -0700, Matt Zimmerman wrote:
> > untrusted source. This is a fundamental Unix feature (or flaw). Terminal
> > control sequences may be contained in the data.
>
> I've read this [1] analysis by H D Moore. No matter how convenient the
> escape sequences that allow injecting arbitrary data as if typed by the
> user might be, they should go, and they should go now.

Yes, I agree. Patches and bug reports, where appropriate, are welcome.
These are the real bugs, not Apache's.

--
 - mdz

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe".
Trouble? Contact [EMAIL PROTECTED]
Re: Eterm & others allow arbitrary command execution via escape sequences [Was: CAN-2003-0020?]

On Mon, Apr 19, 2004 at 09:32:47AM -0700, Matt Zimmerman wrote:
> On Mon, Apr 19, 2004 at 06:08:51PM +0200, Jan Minar wrote:
> > On Sun, Apr 18, 2004 at 11:58:21AM -0700, Matt Zimmerman wrote:
> > > untrusted source. This is a fundamental Unix feature (or flaw).
> > > Terminal control sequences may be contained in the data.
> >
> > I've read this [1] analysis by H D Moore. No matter how convenient the
> > escape sequences that allow injecting arbitrary data as if typed by the
> > user might be, they should go, and they should go now.
>
> Yes, I agree. Patches and bug reports, where appropriate, are welcome.
> These are the real bugs, not Apache's.

Come on, Matt: Virtually all terminal emulators are vulnerable, and the
vulnerability is common knowledge. The abovementioned paper was on Bugtraq
2003-02-24 21:02:52... Is the Security Team going to do something about it
themselves (filing RC bugs at least)?

Jan.

--
Q: You surely can't just shoot somebody like that. Everybody has their
   inalienable human rights, even the criminal. Was it really necessary to
   shoot?
A: It certainly wasn't. They could have caught him and kicked him to death.
Re: Eterm & others allow arbitrary command execution via escape sequences [Was: CAN-2003-0020?]

On Mon, Apr 19, 2004 at 07:51:27PM +0200, Jan Minar wrote:
> Come on, Matt: Virtually all terminal emulators are vulnerable, and the
> vulnerability is common knowledge. The abovementioned paper was on Bugtraq
> 2003-02-24 21:02:52... Is the Security Team going to do something about it
> themselves (filing RC bugs at least)?

You are part of a community, not somebody purchasing a service. Take some
initiative and contribute.

The security team does not have the resources to audit Debian, and can
barely keep up with new issues as they become known. Pointing and whining
doesn't help.

--
 - mdz
Re: Eterm & others allow arbitrary command execution via escape sequences [Was: CAN-2003-0020?]

On Mon, Apr 19, 2004 at 11:18:41AM -0700, Matt Zimmerman wrote:
> On Mon, Apr 19, 2004 at 07:51:27PM +0200, Jan Minar wrote:
> > Come on, Matt: Virtually all terminal emulators are vulnerable, and the
> > vulnerability is common knowledge. The abovementioned paper was on
> > Bugtraq 2003-02-24 21:02:52... Is the Security Team going to do
> > something about it themselves (filing RC bugs at least)?
>
> You are part of a community, not somebody purchasing a service. Take some
> initiative and contribute.

And as a part of this community, I am saying right now: We have a big
problem, and the problem is we don't deal with security issues known for
decades, while happily convincing newcomers our system is fairly secure.
It's not.

Haha, I can feel the free spirit of the computer labs of the late sixties:

/usr/src/linux/drivers/char/console.c:

    case 12: /* bring specified console to the front */
        if (par[1] >= 1 && vc_cons_allocated(par[1]-1))
            set_console(par[1] - 1);
        break;

% ssh kh
[EMAIL PROTECTED]'s password:
Linux kontryhel 2.4.26-jan #3 SMP Mon Apr 19 05:00:00 CEST 2004 i686 unknown
% echo 'Morning, Mister root, welcome to a jail 8-)' > /dev/tty63
% while :; do echo -e '\033[12;63]' > /dev/tty63; done

> The security team does not have the resources to audit Debian, and can
> barely keep up with new issues as they become known. Pointing and whining
> doesn't help.

This is a *known issue*. It just seems there is no will to fix this... for
over a decade. If Debian is going to be as insecure as this, why don't all
the Security Team take a long pleasurable holiday, after all?

--
Q: You surely can't just shoot somebody like that. Everybody has their
   inalienable human rights, even the criminal. Was it really necessary to
   shoot?
A: It certainly wasn't. They could have caught him and kicked him to death.
Re: Eterm & others allow arbitrary command execution via escape sequences [Was: CAN-2003-0020?]

On Mon, Apr 19, 2004 at 09:31:27PM +0200, Jan Minar wrote:
> And as a part of this community, I am... [doing more pointing and whining]

Did you miss the bit where I said that didn't help?

> Haha, I can feel the free spirit of the computer labs of the late sixties:
>
> /usr/src/linux/drivers/char/console.c:
>
>     case 12: /* bring specified console to the front */
>         if (par[1] >= 1 && vc_cons_allocated(par[1]-1))
>             set_console(par[1] - 1);
>         break;
>
> % ssh kh
> [EMAIL PROTECTED]'s password:
> Linux kontryhel 2.4.26-jan #3 SMP Mon Apr 19 05:00:00 CEST 2004 i686 unknown
> % echo 'Morning, Mister root, welcome to a jail 8-)' > /dev/tty63
> % while :; do echo -e '\033[12;63]' > /dev/tty63; done

The relevant permissions are more restrictive with udev:

crw-------  1 root root 4, 63 2004-03-17 16:23 /dev/tty63

So this is a makedev bug, or a devfsd bug, or both. Oddly enough, though,
I don't see a bug report from you (or anyone else) against either package.
This would seem to further reinforce my impression so far, which is that
your intention is to make a lot of noise without doing any work. Reporting
a bug is a very small amount of effort, approximately the same as that
required for you to post this message, but much more useful.

> This is a *known issue*. It just seems there is no will to fix this... for
> over a decade. If Debian is going to be as insecure as this, why don't all
> the Security Team take a long pleasurable holiday, after all?

Debian didn't have a release a decade ago, nor a bug tracking system, nor a
security team. So to whom exactly did you make this *issue* *known* within
Debian a decade ago? Or at any other time?

--
 - mdz
Re: Eterm & others allow arbitrary command execution via escape sequences [Was: CAN-2003-0020?]

This one time, at band camp, Matt Zimmerman said:
> On Mon, Apr 19, 2004 at 09:31:27PM +0200, Jan Minar wrote:
> > % ssh kh
> > [EMAIL PROTECTED]'s password:
> > Linux kontryhel 2.4.26-jan #3 SMP Mon Apr 19 05:00:00 CEST 2004 i686 unknown
> > % echo 'Morning, Mister root, welcome to a jail 8-)' > /dev/tty63
> > % while :; do echo -e '\033[12;63]' > /dev/tty63; done
>
> The relevant permissions are more restrictive with udev:
>
> crw-------  1 root root 4, 63 2004-03-17 16:23 /dev/tty63

And on a newly installed sid box:

crw-------  1 root tty 4, 63 2004-03-23 16:49 /dev/tty63

No udev here. Previous installs may have had bad permissions, but current
ones do not. Perhaps, Jan, if you're interested, file a bug against makedev
or one of the other associated packages, asking them to check the
permissions on these devices on upgrade, and correct if necessary. Seems
trivial enough to do. A patch would probably not hurt.

--
 |   ,''`.                            Stephen Gran |
 |  : :' :                        [EMAIL PROTECTED] |
 |  `. `'           Debian user, admin, and developer |
 |    `-                       http://www.debian.org |
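Added example, written for this thread and not taken from makedev, udev or any Debian package: the check Stephen suggests, as an audit of the console nodes /dev/tty0..63 and the pty slaves under /dev/pts that reports any node other users could write to (and so type into someone else's terminal, or drive the console switch shown above). The policy is an assumption of mine: owner-only (0600, the udev and sid listings above) or owner plus the tty group (0620, what the login service leaves on a pty) passes; everything else is reported. `mode_from_string` lets the same policy be applied to pasted `ls -l` lines such as the ones in this thread.

```python
from __future__ import annotations

import os
import stat
from dataclasses import dataclass

TTY_GROUP = "tty"  # assumption: the group a login service grants pty access to
PERM_FLAGS = (stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR, stat.S_IRGRP, stat.S_IWGRP,
              stat.S_IXGRP, stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH)


@dataclass(frozen=True)
class DeviceFinding:
    path: str
    perm: int
    owner: str
    group: str
    problem: str


def mode_from_string(ls_mode: str) -> int:
    """Turn an ls -l mode column such as 'crw-------' into permission bits
    (any character other than '-' counts as set; s/t do not occur on ttys)."""
    if len(ls_mode) != 10:
        raise ValueError(f"not an ls mode column: {ls_mode!r}")
    bits = 0
    for ch, flag in zip(ls_mode[1:], PERM_FLAGS):
        if ch != "-":
            bits |= flag
    return bits


def check_mode(path: str, mode: int, owner: str, group: str) -> DeviceFinding | None:
    """Policy for one node: owner-only (0600) or owner plus the tty group (0620)
    is fine; a node that lets other users write to the terminal, or read what
    is typed on it, is reported. Returns None when the node passes."""
    perm = stat.S_IMODE(mode)
    if perm & stat.S_IWOTH:
        return DeviceFinding(path, perm, owner, group, "writable by every local user")
    if perm & stat.S_IWGRP and group != TTY_GROUP:
        return DeviceFinding(path, perm, owner, group,
                             f"writable by group {group!r}, not {TTY_GROUP!r}")
    if perm & stat.S_IROTH:
        return DeviceFinding(path, perm, owner, group, "readable by every local user")
    return None


def _name(lookup, ident: int, attr: str) -> str:
    """Map a uid/gid to its name, falling back to the number when unknown."""
    try:
        return getattr(lookup(ident), attr)
    except KeyError:
        return str(ident)


def scan_dev(root: str = "/dev") -> list[DeviceFinding]:
    """Stat the numbered console nodes /dev/ttyN and the pty slaves /dev/pts/N
    on this host and return every node that violates the policy (Unix only).
    /dev/tty itself and serial ports (ttyS*) are deliberately skipped."""
    import grp, pwd  # Unix-only modules; imported here so the pure checks load anywhere
    findings: list[DeviceFinding] = []
    for dirpath, wanted in ((root, lambda n: n.startswith("tty") and n[3:].isdigit()),
                            (os.path.join(root, "pts"), lambda n: n.isdigit())):
        if not os.path.isdir(dirpath):
            continue
        with os.scandir(dirpath) as entries:
            for entry in entries:
                st = entry.stat(follow_symlinks=False)
                if not wanted(entry.name) or not stat.S_ISCHR(st.st_mode):
                    continue
                owner = _name(pwd.getpwuid, st.st_uid, "pw_name")
                group = _name(grp.getgrgid, st.st_gid, "gr_name")
                finding = check_mode(entry.path, st.st_mode, owner, group)
                if finding is not None:
                    findings.append(finding)
    return findings
```

On a live host, `scan_dev()` returns the offending nodes; a post-upgrade hook would chmod them back to 0600 or 0620 and log the finding.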
Re: Eterm & others allow arbitrary command execution via escape sequences [Was: CAN-2003-0020?]

I believe that the permissions are changed to allow a logged-in user to
access that terminal. The permissions are handled and reset by the
appropriate login service.

[EMAIL PROTECTED]:~$ ls -lh /dev/pts/3
crw-------  1 plhofmei tty 136, 3 Apr 19 16:47 /dev/pts/3
[EMAIL PROTECTED]:~$

Other than that... I have always noted the /dev/tty and /dev/pts devices
to always be secured and owned by root. I have been using Debian since
Potato-- (been so long, I forgot what the code name was...)

On Mon, 19 Apr 2004 at 04:15:41PM -0400, Stephen Gran wrote:
> This one time, at band camp, Matt Zimmerman said:
> > On Mon, Apr 19, 2004 at 09:31:27PM +0200, Jan Minar wrote:
> > > % ssh kh
> > > [EMAIL PROTECTED]'s password:
> > > Linux kontryhel 2.4.26-jan #3 SMP Mon Apr 19 05:00:00 CEST 2004 i686 unknown
> > > % echo 'Morning, Mister root, welcome to a jail 8-)' > /dev/tty63
> > > % while :; do echo -e '\033[12;63]' > /dev/tty63; done
> >
> > The relevant permissions are more restrictive with udev:
> >
> > crw-------  1 root root 4, 63 2004-03-17 16:23 /dev/tty63
>
> And on a newly installed sid box:
>
> crw-------  1 root tty 4, 63 2004-03-23 16:49 /dev/tty63
>
> No udev here. Previous installs may have had bad permissions, but current
> ones do not. Perhaps, Jan, if you're interested, file a bug against
> makedev or one of the other associated packages, asking them to check the
> permissions on these devices on upgrade, and correct if necessary. Seems
> trivial enough to do. A patch would probably not hurt.
>
> --
>  |   ,''`.                            Stephen Gran |
>  |  : :' :                        [EMAIL PROTECTED] |
>  |  `. `'           Debian user, admin, and developer |
>  |    `-                       http://www.debian.org |

--
Phillip Hofmeister

PGP/GPG Key: http://www.zionlth.org/~plhofmei/
wget -O - http://www.zionlth.org/~plhofmei/key.asc | gpg --import
Re: Eterm & others allow arbitrary command execution via escape sequences [Was: CAN-2003-0020?]

On Mon, Apr 19, 2004 at 01:07:59PM -0700, Matt Zimmerman wrote:
> On Mon, Apr 19, 2004 at 09:31:27PM +0200, Jan Minar wrote:
> > And as a part of this community, I am... [doing more pointing and whining]

We are going astray. Maybe a time to rephrase...

We have security issues in Debian stable every interested party knows about
(that posting was on bugtraq a year ago), except for the Debian users, and
the Security Team. It's not about Eterm, or the console.c in Linux, or the
tty permissions, it's about the bigger picture.

Now I shut up.

Jan.

--
To me, clowns aren't funny. In fact, they're kind of scary. I've wondered
where this started and I think it goes back to the time I went to the
circus, and a clown killed my dad.
Re: Eterm & others allow arbitrary command execution via escape sequences [Was: CAN-2003-0020?]

On Mon, Apr 19, 2004 at 11:18:51PM +0200, Jan Minar wrote:
> It's not about Eterm, or the console.c in Linux, or the tty permissions,
> it's about the bigger picture.

The bigger picture is that there are security problems and there are
security problems. The only specific problem you pointed out is just not a
big deal.

Mike Stone