Bugtraq mailing list archives

Re: Wall and talkd pass binary data

From: fcp () nuance com (Craig Presson)
Date: Wed, 20 Jul 94 09:42 CDT


In <9407200202.AA16064 () swap Eng Sun COM>, Bob Page writes:

Wow -- this was an old haq from years and years ago.  It was first
exploited by finger (putting escape sequences in your .plan).


(Wavy time-travel effect) DG's Dasher terminals had a set cursor
position (^P <byte> <byte>) and read-out cursor position (^E) which
could be combined using an AOS CLI SEND command and the [!ASCII]
pseudo-macro to crash another user's terminal session:

SEND @con27 Die! Die! Die! [!ASCII 20 3 2 5]

(octal 20 3 2 5 == ^P ^C ^B ^E, where ^C ^B was the code to kill
the process associated with the terminal)

If you got a terminal into binary mode you could make the line go
catatonic with ^P ^E ^E ^E ...

And, yes, DG eventually had to filter out certain control characters
to spoil the fun.


-- cP

Current thread:

Re: Wall and talkd pass binary data Bob Page (Jul 19)
- Re: Wall and talkd pass binary data Craig Presson (Jul 20)
- <Possible follow-ups>
- Wall and talkd pass binary data Rob Quinn (Jul 19)
  - Flash/talkd Patrick Mcdowell (Jul 20)
    - Re: Flash/talkd Eric Wedaa (Jul 20)
  - Re: Wall and talkd pass binary data a.e.mossberg (Jul 20)
- Re: Wall and talkd pass binary data Martin Sean Bennet - Sun UK - CSG Engineer (Jul 20)
  - Re: Sending escape sequences to xterms via wall/talk Mike Raffety (Jul 20)
    - Re: Sending escape sequences to xterms via wall/talk Christopher A. Stewart (Jul 20)
    - Re: Sending escape sequences to xterms via wall/talk Andrew Beckett (Jul 21)
    - setuid root programs and core dumps Rob Quinn (Jul 21)
    - Re: Sending escape sequences to xterms via wall/talk Paul Daw (Jul 21)

(Thread continues...)