The Cellar - View Single Post

russotto · 08-08-2002, 01:59 PM

Well, it's true that it's NOT an entirely new class of attack. It's somewhat similar to the old TIOCSTI/TIOCNOTTY (a.k.a ttydev) attack on UNIX, and related attacks against x-windows (ask a certain UMCP sysadmin about xhost -- I think his systems were rooted by every hacker at the place)

This one's even broader in scope, though -- those only gave you control of the running program. This gives you full access AS the running program.

08-08-2002, 01:59 PM	#21
russotto Professor Join Date: Jan 2001 Posts: 1,788	'Entirely new class' Well, it's true that it's NOT an entirely new class of attack. It's somewhat similar to the old TIOCSTI/TIOCNOTTY (a.k.a ttydev) attack on UNIX, and related attacks against x-windows (ask a certain UMCP sysadmin about xhost -- I think his systems were rooted by every hacker at the place) This one's even broader in scope, though -- those only gave you control of the running program. This gives you full access AS the running program.