Date: Tue, 7 Apr 1998 11:39:20 -0700 (PDT) From: jcwells@u.washington.edu To: freebsd-gnats-submit@FreeBSD.ORG Subject: bin/6241: getty accepts inputs that it should not Message-ID: <199804071839.LAA11677@hub.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 6241 >Category: bin >Synopsis: getty accepts inputs that it should not >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Tue Apr 7 11:40:04 PDT 1998 >Last-Modified: >Originator: Jason Wells >Organization: na >Release: 2.2.2-RELEASE >Environment: FreeBSD s8-37-26.student.washington.edu 2.2.2-RELEASE FreeBSD 2.2.2-RELEASE #0: Sat Mar 21 21:23:27 PST 1998 jason@s8-37-26.student.washington.edu:/usr/src/sys/compile/BRONCO i386 >Description: When at the 'login:' prompt on the console I was able to backspace over the prompt, use the arrow key to move the cursor around the screen. >How-To-Repeat: Login on the console Logout At the new 'login:' prompt hit f12 now backspace and use arrow keys to move the cursor around >Fix: I dunno. The problem seems minor. It was a fluke that I found it at all. If getty is still secure, then this probably no big deal. If this impacts getty's security. then it is a pretty big deal. In my non-expert way, I must ask if a clever person can device a series of keystrokes that getty should not accept (but does) that can return a shell? >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199804071839.LAA11677>