On Thu, Jan 11, 2007 at 06:08:12PM +0000, Jason Holt wrote:
>
> Ack! That sounds like one of those unexpected features that could really
> get you in trouble. Looks like it tries to be clever, though:
>
> $ nc -l -p 1337 | ssh localhost
> Pseudo-terminal will not be allocated because stdin is not a terminal.
>
> I bet there's some weird case where it wouldn't be able to tell, at which
> point the data coming over the connection astonishingly becomes metadata.

Spoken like a true security expert :) Wow, this would definitely be fun to research more into.

> I discovered an analogous vulnerability years ago at a dialup ISP where
> people could dial in directly to a login: prompt on our sun. I wrote a
> script that echoed 3 tildes, waited, then did it again, followed by a few
> tricky AT commands so the terminal server wouldn't know when the modem hung
> up. Then I did "ATH1" followed by "ATDT [my phone number]". When I ran
> the script, the modem hung up on me... but then called me back!

Wow, that's scary. I bet you could have made it do something a lot more malicious. Good thing you're a "white hat".

Phillip

P.S. Was it ~~~ or +++? I seem to remember +++ for some reason.

--
Phillip Hellewell <phillip AT hellewell.homeip.net>

--------------------
BYU Unix Users Group
http://uug.byu.edu/

The opinions expressed in this message are the responsibility of their author. They are not endorsed by BYU, the BYU CS Department or BYU-UUG.
___________________________________________________________________
List Info: http://uug.byu.edu/cgi-bin/mailman/listinfo/uug-list
