[mrr@thud] [~]-> uname -a
FreeBSD thud.pcs.k12.mi.us 4.3-STABLE FreeBSD 4.3-STABLE #0: Fri Jul 27 15:31:11 EDT 2001 mrrat_private:/usr/src/sys/compile/thud i386
[mrr@thud] [~]-> perl -e 'print "\x9E\x9bc"'
[mrr@thud] [~]-> 62;1;2;6;7;8;9c

The shell on the FreeBSD machine is 2.04.0(1). The results are the same no
matter what I change my terminal type to.

Results are the exact same with vt220 on a Linux 2.4.14 using bash 1.4.7.
Ditto for the results being the same when the terminal type is changed.

Results are also the same even if I change shells. However, 'sh' on the
FreeBSD machines appends '^[[?' to the string. tcsh, csh, zsh all return
the same, though.

Michael R. Rudel * mrrat_private * 734.417.4859 * www.gotclue.org
Technician, Pinckney Community Schools * mrrat_private
Principal Engineer, Michael R. Rudel Consulting * mrrat_private

On Sat, 8 Dec 2001, Doru Petrescu wrote:

>
> Hi everybody,
>
> One strange thing I found while playing with binary files on my terminal:
> some special sequences are able to inject characters into my terminal
> input buffer as if I typed them on the keyboard.
>
> on my linux (v2.4.5) TEXT console ($TERM=linux), if I execute:
> perl -e 'print "\x9E\x9bc"'
>
> when the shell returns back to my prompt I will find 2 characters in the
> command line as I typed them!!! the two of them are: "6c"
>
> So, if I press enter, the shell will complain that it can't find/execute
> command "6c". Of course I can just erase them, and everything will be OK.
>
> BUT, THE IDEA IS: WHY IS THIS HAPPENING ?!?!?
>
> Imagine this: You receive an email, you open it with your favourite text
> mail reader (mail/pine/mutt/etc). the mail contains some unpleasant binary
> garbage that when the mail program outputs it to the terminal will
> trigger something and will INJECT characters into your terminal
> input buffer, and by doing so INJECTING commands as if YOU typed them
> from the keyboard. this means that someone could take over your terminal
> !!! hijacking your shell prompt !!!
>
>
> However, until now I was only able to inject series of "6c", and I didn't
> find a way to inject ENTER or something that will trigger the shell to
> execute the command. more research is needed.
> Also this only works on LINUX text CONSOLE. not on Xterm, or something else.
>
> 1. Can you guys check if this works on your systems as well ?
>    just execute this cmd: perl -e 'print "\x9E\x9bc"'
>
> 2. Can someone explain to me what is happening ?
>    is this a bug in the kernel code that handles terminal output ? can we
>    make it do something else ? (like overwriting memory, etc ...)
>
>
> Best regards,
> ------
> Doru Petrescu
> KappaNet - Senior Software Engineer
> E-mail: pdoruat_private LINUX - the choice of the GNU generation
>
>
>
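
Added example, not part of the thread: the bytes 0x9B 'c' are an 8-bit CSI followed by 'c', a Device Attributes request, which the terminal answers by writing its identification string into the input stream; a mail reader or pager avoids this by escaping control bytes before display. The Python sketch below flags that request and escapes C0/C1 controls; the function names and the sample message are constructed for illustration.

```python
import re

# Primary Device Attributes request: CSI (7-bit "ESC [" or 8-bit 0x9B),
# optional "0", final byte "c". The terminal answers on its input side.
# Byte-level heuristic: it does not try to understand multi-byte encodings.
DA_REQUEST = re.compile(rb"(?:\x1b\[|\x9b)0?c")

KEEP = {"\n", "\t"}  # control characters that are safe to pass through


def find_da_requests(data: bytes) -> list:
    """Return the byte offsets of Device Attributes requests in data."""
    return [m.start() for m in DA_REQUEST.finditer(data)]


def sanitize(data: bytes) -> str:
    """Make untrusted bytes safe to print on a terminal.

    Bytes that are not valid UTF-8 (a raw 0x9B, for instance) come out of
    the decoder as literal backslash escapes; C0, DEL and C1 control
    code points that decode cleanly are then escaped the same way.
    """
    text = data.decode("utf-8", errors="backslashreplace")
    out = []
    for ch in text:
        cp = ord(ch)
        is_control = cp < 0x20 or cp == 0x7F or 0x80 <= cp <= 0x9F
        if is_control and ch not in KEEP:
            out.append(f"\\x{cp:02x}")
        else:
            out.append(ch)
    return "".join(out)


# Constructed sample: a mail body carrying the bytes from the thread.
SAMPLE = b"Subject: hello\n\x9e\x9bc\nplain text, caf\xc3\xa9\n"

if __name__ == "__main__":
    print("DA request offsets:", find_da_requests(SAMPLE))
    print(sanitize(SAMPLE), end="")
```
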
This archive was generated by hypermail 2b30 : Sat Dec 08 2001 - 09:10:21 PST