>> There is no bigger security risk than being able to command
>> a terminal to send its screen contents
> Well, then one would have to analyze what made it problematic
I recall the fun from twenty-five years ago.
Find someone who has not disabled "write" so that you
can write to her tty. Send escape sequences Cursor Home,
Erase Screen, some random commands, Transmit Screen Contents
and the system would see some random commands coming from
this user's terminal. Fun.
There are many variations on this theme. For example,
one can embed such sequences in mail sent to the user.
Such attacks are still a problem today.
Andries
-
Linux-UTF8: i18n of Linux on all levels
Archive: http://mail.nl.linux.org/lists/
