Path: utzoo!utgpu!water!watmath!clyde!bellcore!rutgers!mit-eddie!uw-beaver!tektronix!uunet!uport!plocher
From: plocher@uport.UUCP (John Plocher)
Newsgroups: comp.unix.xenix
Subject: Re: Printscreen capability? SECURITY HOLE
Summary: SECURITY HOLE
Keywords: printscreen, MS-DOS
Message-ID: <414@uport.UUCP>
Date: 11 Aug 88 02:19:23 GMT
References: <364@gt-eedsp.UUCP> <510@sysco>
Reply-To: plocher@uport.UUCP (John Plocher)
Distribution: na
Organization: Microport Systems, Scotts Valley, CA
Lines: 26
In article <510@sysco> chapman@sco.COM (brian chapman) writes:
>>Is a printscreen capability available in Xenix?
>Yes
>ESC x x x Send screen to host.
> Current screen con-
> tents are sent to the
> application.
Great! Now I (as Joe User) can do:
clear > x
echo chmod all+w /bin/motd > x # or other favorite nastiness
echo "xxx" > x # see above
clear > x
and whenever root is logged onto the console:
write root < x
This security hole is one reason that many sysadmins don't use terminals
with a "block mode". Adding this to the console driver is a very subtle
way to compromise a system.
-John Plocher
ps. Yes, I know the script above is not exact - let's leave it that way.