Re: Splitvt exploit

[joey () KITENET NET (Joey Hess)]

Thomas Biege wrote:
> splitvt isn't installed setuid on SuSE Linux.

So how does it work?

If it's not setuid, and has not been patched to use devpts, it has no
way of chowning the tty's it uses. That means that when you run splitvt,
you are typing into a shell that is connected to a tty that is
(typically) mode:

crw-rw-rw-    1 root     tty        3, 176 Jun 14 14:53 /dev/ttya0

Thus, third parties can eg, write escape sequences to the terminal, and
possibly remap keystrokes to do evil things. And they can certianly
capture your keystokes to that terminal.

--
see shy jo