Re: Root Terminal Security Question

From: Mark Adams (madams9_at_netscape.dotnet)
Date: 07/13/04


Date: Tue, 13 Jul 2004 05:41:48 GMT

Rob Warnock wrote:
> [Note: The group's name is "comp.security.misc", *not* "comp.secutiry.misc".]

Yeah, I hate the way Netscape handles cross posting.

> Some people [including me, at times! (*blush*)] run an "xterm -C" to
> capture the /dev/console output, to immediately see any critical kernel
> or application messages instead of having to periodically look at
> /var/log/messages. That's fine, except you have to be more aware of
> the potential covert channel from a "syslog" message to your terminal
> emulator.

Ah, sounds like a neat tip. I'll try and remember it.

> I personally know nothing of KDE or Konsole, so unless you've done a
> source security audit [or know of one that's been done by a reliable
> person/group], you might be better using a bare "xterm" for your root
> terminal instead. While "xterm" had some pretty serious problems in
> the past, it's been fairly-well pored over & cleaned up by now.

I'm still looking into it, but I haven't found any indications of
problems so far.

> +---------------
> | > - It is not just root that is vulnerable to these attacks, given a
> | > bad choice of terminal -- OR TERMINAL EMULATOR!! -- by the user.
> |
> | So, you recommend what?
> +---------------
>
> A plain "xterm", run *without* "-C", and with "mesg n". That should be
> fairly safe... [I think...]

Again, thanks Rob. I'll file that one close by.

-- 
Mark E. Adams, 2004 -- drop the "dot" to email me.
CONSIDER: ===========---------,,,,,,,,,............. . .  .  .   .
bureaucracy, n:
	A method for transforming energy into solid waste.
=====================---------,,,,,,,,,............. . .  .  .   .
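
The two settings recommended in the quoted reply (no "xterm -C", and "mesg n"), as an added example that is not part of the original post: a small POSIX shell audit whose function names are hypothetical. It assumes "mesg n" shows up as cleared group/other write bits on the tty device, and that `ps -eo args=` is available.

```shell
#!/bin/sh
# Added example (not from the original post): check a root terminal for the
# two settings discussed above. Function names are hypothetical.

# Return 0 if a process command line is an xterm started with -C
# (the option that makes the window receive /dev/console output).
xterm_has_console_flag() {
    prog=${1%% *}                      # first word of the command line
    case "${prog##*/}" in
        xterm) ;;
        *) return 1 ;;
    esac
    args=${1#"$prog"}                  # everything after the program name
    case "$args " in
        *" -C "*) return 0 ;;          # exact, case-sensitive option match
    esac
    return 1
}

# Return 0 if the given tty (or any file) is writable by group or others,
# i.e. other users can still write to it and "mesg n" is not in effect.
tty_accepts_writes() {
    perm=$(ls -ld -- "$1") || return 2
    case "$perm" in
        ?????w*|????????w*) return 0 ;;  # group-write or other-write bit set
    esac
    return 1
}

# Report on the current terminal and on every running xterm.
audit_terminal() {
    t=$(tty) || { echo "not running on a terminal"; return 0; }
    if tty_accepts_writes "$t"; then
        echo "$t: writable by other users; run 'mesg n'"
    fi
    ps -eo args= | while IFS= read -r cmd; do
        if xterm_has_console_flag "$cmd"; then
            echo "console output is captured by: $cmd"
        fi
    done
}

# Run the audit only when asked to: sh thisfile.sh audit
if [ "${1:-}" = "audit" ]; then
    audit_terminal
fi
```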
