Hi everybody, One strange thing I found while playing with binary files on my terminal: some special sequences are able to inject characters into my terminal input buffer as if I typed them on the keyboard. on my linux (v2.4.5) TEXT console ($TERM=linux), if I execute: perl -e 'print "\x9E\x9bc"' when the shell returns back to my prompt I will find 2 characters in the command line as I typed them!!! the two of them are: "6c" So, if I press enter, the shell will complain that can't find/execute command "6c". Of cource I can just erase them, and everything will by OK. BUT, THE IDEA IS: WHY IS THIS HAPPENING ?!?!? Imagine this: You receive an email, you open it with your favourite text mail reader (mail/pine/mutt/etc). the mail contains some unpleasent binary garbage that when the mail program output them to the terminal will trigger something and will INJECT characters into your terminal input buffer, and by doing so INJECTING commands as if YOU typed them from the keyboard. this means that someone could take over your terminal !!! hijacking your shell prompt !!! However, untill now I was only able to inject series of "6c", and I didn't found a way to inject ENTER or something that will trigger the shell to execute the command. more researchis needed. Also this only work on LINUX text CONSOLE. not on Xterm, or something else. 1. Can you guys check if this works on your systems as well ? just execute this cmd: perl -e 'print "\x9E\x9bc"' 2. Can someone explain to me what is happening ? is this a bug in the kernel code that handles terminal output ? can we make it do something else ? (like overwriting memory, etc ...) Best regards, ------ Doru Petrescu KappaNet - Senior Software Engineer E-mail: pdoruat_private LINUX - the choice of the GNU generation
This archive was generated by hypermail 2b30 : Sat Dec 08 2001 - 08:45:16 PST