Open Source and information security mailing list archives
Date: Mon, 03 Nov 2008 12:20:47 -0500
From: Valdis.Kletnieks@...edu
To: Simon Richter <Simon.Richter@...yros.de>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Securing our computers?

On Mon, 03 Nov 2008 15:42:02 +0100, Simon Richter said:

> For example, when the X Window System reports an input event to an
> application, a flag tells the app whether the event is "synthetic", i.e.
> was generated by another program rather than directly by the user. The
> mighty xterm knows to ignore such events and offers me a "secure input
> mode" where it grabs the keyboard so it can bypass any filtering programs
> (such as my window manager, which filters out Ctrl-T as the command key,
> and generates a synthetic Ctrl-T for the "Ctrl-T t" sequence).
> 
> Now, people have felt the desire to automate various tasks in secure
> applications, and created the XTest extension that allows a client that
> knows about the extension to generate events with "synthetic" set to false.

And the worst part is that the people who designed that either knew, or should
have known, about the large number of Unix vulnerabilities in the pre-X,
ascii-green-screen world 5 years or so before, which all basically boiled down to:

1) Detach yourself from the current terminal
2) Open a victim's terminal (and thus inheriting that terminal as your
"control terminal")
3) Use the TIOCSTI ioctl to input characters as if typed on the control
terminal.  "/bin/rm -rf / \n" or similar.

It turns out that making the terminal mode 0600 when the user logs in isn't
always sufficient, due to how difficult it is to create a working revoke().

Oh - the original use for TIOCSTI was semi-reasonable - it was so that
programs like /usr/bin/mail could pre-populate a To: or cc: line for you
as if you had entered it, and then you could use the line-editing characters
for any changes you wanted to make...

Google for 'TIOCSTI' 'security' for some of the gory details.
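The TIOCSTI mechanism the message describes, as an added example that is not part of the original post or of any project mentioned in it. It is Linux-only and assumes /dev/ptmx is available. Rather than touching anyone else's terminal, the program creates its own pty pair and exercises both sides of the story: `inject_into_own_tty` plays the "original use" (a process typing into its own controlling terminal, then reading the text back from its input queue as if the user had entered it), and `inject_into_foreign_tty` plays the attack (typing into a tty that is not the caller's controlling terminal). The function names, the injected line and the exit codes are constructed for this demo. The kernel behaviour it relies on is real: TIOCSTI on a tty that is not your controlling terminal fails with EPERM unless you hold CAP_SYS_ADMIN, which is why root can still type on anyone's terminal whatever the device's mode bits say, and on Linux 6.2 and later the ioctl fails with EIO for everyone unprivileged when the sysctl dev.tty.legacy_tiocsti is 0. Container seccomp profiles may also refuse the ioctl, so the code treats EPERM, EIO and ENOTTY as "refused" rather than as setup failures.

```c
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <sys/wait.h>
#include <termios.h>
#include <unistd.h>

/* Constructed input for the demo. On a victim's terminal this would be a
   shell command line such as the "/bin/rm -rf /" of the mail. */
static const char INJECTED_LINE[] = "echo hello from TIOCSTI\n";

/* Open a fresh pty pair with the raw Linux ioctls (no libutil needed).
   Returns the master fd and fills in the slave path, or -1 on failure. */
static int open_pty_master(char *slave_path, size_t len)
{
    int master = open("/dev/ptmx", O_RDWR | O_NOCTTY);
    if (master < 0) return -1;
    int unlock = 0;
    unsigned int idx;
    if (ioctl(master, TIOCSPTLCK, &unlock) < 0 || ioctl(master, TIOCGPTN, &idx) < 0) {
        close(master);
        return -1;
    }
    snprintf(slave_path, len, "/dev/pts/%u", idx);
    return master;
}

/* Push every byte of `line` into `tty`'s input queue as if typed there.
   Returns 0 on success, otherwise the errno the kernel (or a seccomp
   sandbox) answered with. */
static int tiocsti_push(int tty, const char *line)
{
    for (const char *p = line; *p; p++)
        if (ioctl(tty, TIOCSTI, p) < 0) return errno;
    return 0;
}

/* EPERM: not our controlling tty and no CAP_SYS_ADMIN.
   EIO:   dev.tty.legacy_tiocsti=0 (Linux 6.2+). ENOTTY: sandboxed tty. */
static int refused(int err) { return err == EPERM || err == EIO || err == ENOTTY; }

/* Case 1: the process owns the terminal. A child becomes a session leader,
   acquires the pty slave as its controlling terminal, injects the line and
   reads its own input queue. Returns 1 if the injected text came back as
   typed input, 0 if the kernel/sandbox refused, -1 on a setup error. */
int inject_into_own_tty(void)
{
    char path[32];
    int master = open_pty_master(path, sizeof path);
    if (master < 0) return -1;

    pid_t pid = fork();
    if (pid < 0) { close(master); return -1; }
    if (pid == 0) {
        if (setsid() < 0) _exit(3);
        int tty = open(path, O_RDWR);          /* no O_NOCTTY: becomes our ctty */
        if (tty < 0) _exit(3);
        ioctl(tty, TIOCSCTTY, 0);              /* explicit; already true above */
        struct termios t;
        if (tcgetattr(tty, &t) == 0) { t.c_lflag &= ~ECHO; tcsetattr(tty, TCSANOW, &t); }

        int err = tiocsti_push(tty, INJECTED_LINE);
        if (err) _exit(refused(err) ? 2 : 3);

        /* Canonical mode: the whole line is readable once the '\n' arrived. */
        struct pollfd pfd = { .fd = tty, .events = POLLIN };
        if (poll(&pfd, 1, 2000) <= 0) _exit(3);
        char buf[128];
        ssize_t n = read(tty, buf, sizeof buf - 1);
        if (n < 0) _exit(3);
        buf[n] = '\0';
        _exit(strcmp(buf, INJECTED_LINE) == 0 ? 0 : 3);
    }

    int status = 0;
    waitpid(pid, &status, 0);
    close(master);
    if (!WIFEXITED(status)) return -1;
    if (WEXITSTATUS(status) == 0) return 1;
    return WEXITSTATUS(status) == 2 ? 0 : -1;
}

/* Case 2: the terminal is somebody else's. We open a pty slave with O_NOCTTY
   so it is NOT our controlling terminal (the only thing TIOCSTI checks; the
   device's mode bits only decide whether open() succeeds) and try to type
   into it. Returns the errno: EPERM or EIO when refused, 0 only with
   CAP_SYS_ADMIN, -1 on setup error. */
int inject_into_foreign_tty(void)
{
    char path[32];
    int master = open_pty_master(path, sizeof path);
    if (master < 0) return -1;
    int tty = open(path, O_RDWR | O_NOCTTY);
    if (tty < 0) { close(master); return -1; }
    int err = tiocsti_push(tty, INJECTED_LINE);
    close(tty);
    close(master);
    return err;
}

int main(void)
{
    printf("own tty:     %d (1 = injected and read back, 0 = refused)\n", inject_into_own_tty());
    int e = inject_into_foreign_tty();
    printf("foreign tty: %s\n", e == 0 ? "allowed (CAP_SYS_ADMIN)" : strerror(e));
    return 0;
}
```

Run it as an ordinary user on a kernel with legacy TIOCSTI enabled and the first case succeeds while the second reports EPERM; run it as root and the second succeeds too, which is the whole problem; with `sysctl dev.tty.legacy_tiocsti=0` both are refused for unprivileged callers.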

