Re: Solaris "/usr/bin/write" bug

From: Casper Dik (casperat_private)
Date: Wed Mar 10 1999 - 14:38:38 PST

Next message: Tobias J. Kreidl: "Re: SMTP server account probing"

Previous message: Igor Sviridov: "Re: Default password in Bay Networks switches."
Maybe in reply to: bugscanat_private: "Solaris "/usr/bin/write" bug"
Next in thread: Darren Reed: "Re: Solaris "/usr/bin/write" bug"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>However, even if this is overflowable into a shell with tty permissions,
>I can see nothing useful coming out of it.
>
>crw--w----   1 dm       tty       24,  0 Mar  9 14:39 pts@0:0
>
>Those are the permissions on the terminal.  The most I can see happening is
>someone writing to my screen when I have messages turned off.


No, all that can happen is that someone writes to your screen when you
have messages *ON*.


Write filters these messages for content and prepends a "from user ..."
etc message and it stops writing when messages are turned off in response
to write; with a fd to a tty you can continue to write and write arbitrary
control characters.

Casper

Next message: Tobias J. Kreidl: "Re: SMTP server account probing"
Previous message: Igor Sviridov: "Re: Default password in Bay Networks switches."
Maybe in reply to: bugscanat_private: "Solaris "/usr/bin/write" bug"
Next in thread: Darren Reed: "Re: Solaris "/usr/bin/write" bug"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:38:48 PDT