Message-ID: <email address hidden>
Date: Sun, 30 Oct 2005 15:28:59 -0500
From: Joey Hess <email address hidden>
To: <email address hidden>
Subject: exploit via escape sequences?
Well if this allows arbitrary data to be fed into the file and later
be displayed by who or last then that data could be made to contain
escape sequences, and either hide other lines that would normally be
displayed (so you don't know someone has logged into the machine), or
output other malicious escape sequences (key rebindings, whatever).
Haven't tried it but it's a thought.
-- 
see shy jo
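
The concern raised in this message, turned into a defensive check, as an added example that is not part of the original message: it scans utmp/wtmp-style records for control bytes in the text fields that who and last print, and reports them in escaped form. The record layout (glibc `struct utmp` on Linux, 384 bytes) and the sample records are assumptions constructed for illustration.

```python
import struct

# Assumed layout: glibc struct utmp on Linux, 384 bytes per record.
# type, pad, pid, line[32], id[4], user[32], host[256], exit(2 shorts),
# session, tv_sec, tv_usec, addr_v6[4], unused[20]
UTMP = struct.Struct("<hxxi32s4s32s256shhiii4i20s")
TEXT_FIELDS = {"line": 2, "user": 4, "host": 5}  # tuple positions after unpack


def visible(raw: bytes) -> str:
    """Render bytes so that nothing outside printable ASCII reaches the terminal."""
    return "".join(chr(b) if 0x20 <= b <= 0x7E else f"\\x{b:02x}" for b in raw)


def audit(data: bytes):
    """Return (record_index, field, escaped_value) for fields with control bytes.

    Non-ASCII bytes are flagged too; tty names, user names and host names in
    these files are normally plain ASCII.
    """
    findings = []
    usable = len(data) - len(data) % UTMP.size  # ignore a truncated last record
    for idx, rec in enumerate(UTMP.iter_unpack(data[:usable])):
        for name, pos in TEXT_FIELDS.items():
            value = rec[pos].split(b"\0", 1)[0]  # fields are NUL-padded
            if any(b < 0x20 or b > 0x7E for b in value):
                findings.append((idx, name, visible(value)))
    return findings


def make_record(user: bytes, line: bytes, host: bytes) -> bytes:
    """Build a constructed sample record (type 7 = USER_PROCESS)."""
    return UTMP.pack(7, 1234, line, b"ts/0", user, host, *([0] * 9), b"")


# Constructed sample data: one ordinary record, one with an ESC byte in the host.
SAMPLE = (make_record(b"alice", b"pts/0", b"192.0.2.10")
          + make_record(b"bob", b"pts/1", b"host\x1b[2K"))

if __name__ == "__main__":
    for idx, field, value in audit(SAMPLE):
        print(f"record {idx}: control bytes in {field}: {value}")
```
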