Terminal hacking
Jim Vlcek
vlcek at mit-caf.MIT.EDU
Tue Aug 29 03:01:33 AEST 1989
People talking about ways of reprogramming someone else's terminal
function keys:
``/tmp/PLEASE-README, and wait for someone with the right terminal (and
capabilities) to cat it. And that isn't a security hole in cat...''
``Anyone who uses "cat" to display unknown file contents on his fancy
terminal deserves whatever he gets. However, in the case of
"finger", there is no alternate method available (assuming remote
system use). Therefore "finger" ought to better support its
intended use.''
A friend of mine here at MIT was able to reprogram our terminal's
setup configs by including escape sequences in the ``subject'' field
of email messages. He limited his merriment to changing the name that
the terminal displayed on its topmost line, but he could have done
much worse.
There's got to be a million such holes in each and every flavor of
Unix one might work under. Closing known ones, like ``finger,'' is
certainly a good idea, but the best idea would be to redesign
terminals to greatly restrict attempts to reconfigure them over their
serial link.
In a previous message, Doug Gwyn mentioned that some terminals allow
certain escape sequences to trigger actual input from the terminal.
Good God in Heaven! What on Earth would you want to do that for?!
Jim Vlcek (vlcek at caf.mit.edu uunet!mit-caf!vlcek)
More information about the Comp.unix.questions
mailing list