Subject: | |
From: | |
Reply To: | |
Date: | Fri, 24 Jan 1997 12:40:23 -0800 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Craig Fairchild <[log in to unmask]> wrote:
> P.S. Did you know that being able to send messages like your example
> was at one time a huge security hole on UNIX? It basically allowed very
> clever users to send messages to the terminals of superusers, and those
> messages were then executed as commands from the superuser's session.
> Because of MPE's device security rules (and a few other helpful security
> attributes), we were never in jeapordy from this type of attack.
Many years ago, there was something in Interact related to this.
I think it was something Eugene wrote in the section on questions
and answers.
It showed how the :TELL command strips out all escape sequences
except for display enhancements because of exactly this. (Otherwise,
you could send a msg to SM that was really an MPE command, followed
by the escape sequence to read [and therefore execute] the command.)
There was a bit of a controversy over this article, though, because
it showed how to override this behaviour. (As I recall through this
very fuzzy memory, it required installing a routine into the system SL.)
Bottom line: While we were never in jeopardy from this type of attack,
we could put ourselves in such a position.
--Glenn Cole
Software al dente, Inc.
[log in to unmask]
|
|
|