Date: Thu, 10 Sep 1998 12:51:37 -0700 From: Harold Hankins <hwh@hjns.net> To: security@FreeBSD.ORG Subject: Re: cat exploit Message-ID: <199809101951.MAA03493@hwhlap.hjns.net>
next in thread | raw e-mail | index | archive | help
Jay Tribick <netadmin@fastnet.co.uk> wrote: >> That's exactly what I was saying - just for example, say your installing >> something as root you usually cat the file INSTALL to find out what >> you need to do - it would be relatively simple to embed a command i>> n there to just rm -rf / & your hd! One of the first rules of unix admin is NEVER cat a file to your terminal. This is an old security hole, I thought everyone knew about it. Maybe its been too long since it was exploited and its been forgotten. A little background for newcomers to unix administration: Most terminals had escape sequences not only to answerback but also to send all or part of the screen contents back to the host. This was used to allow us to write "forms" on the screen, let the user fill it in, and then let the program ask the terminal to send the answers back to it for processing. It was also used to allow us to read back the contents of the screen so we could send it to lpr to do a screen print. It also opened up the possibility of abuse by embedding the escape sequences in text files as you found. We also sometimes cat'ed the escape sequences to other peoples terminals by using a command like 'cat abc.txt >/dev/tty1a' to send commands to other peoples terminals. Mostly it was harmless fun like sending hundreds of bell characters but some people actually sent commands to delete files or do other nasty things. Harold Hankins <hwh@hjns.net> -- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199809101951.MAA03493>