.plan
Doug Gwyn
gwyn at smoke.BRL.MIL
Fri Sep 1 10:31:58 AEST 1989
In article <474 at escom.com> al at escom.com (Al Donaldson) writes:
>so is the point that a nastygram can be stored in my terminal, triggered
>remotely by echo'ing a ctrl-E to my terminal, with the nastygram getting
>passed straight to my shell?
Yes -- it's yet another place for eventual faked input to be stored in
the terminal. So far we have:
- Answerback (triggered by ^E)
- Programmable function key (triggerable on some terminals)
- Display memory (triggerable on some terminals)
There may be others. The one thing they all have in common is that the
trigger must be sent to them, which under normal circumstances wouldn't
occur. Only if somebody has found a way to get arbitrary characters
sent to user terminals does the potential problem become a real one.
There are a number of Trojan horse and other approaches that could be
used to send a trigger; the reported "finger" behavior was one of the
easiest ones.
More information about the Comp.unix.questions
mailing list