Groups | Search | Server Info | Login | Register
Groups > comp.security.misc > #1570
| From | Richard Kettlewell <invalid@invalid.invalid> |
|---|---|
| Newsgroups | comp.security.misc |
| Subject | Re: Terminals in X Window System. |
| Date | 2025-03-23 19:34 +0000 |
| Organization | terraraq NNTP server |
| Message-ID | <wwvwmcf8rt5.fsf@LkoBDZeT.terraraq.uk> (permalink) |
| References | <wwvr030d4ab.fsf@LkoBDZeT.terraraq.uk> <vrpjj3$2uglq$1@dont-email.me> |
peter@easthope.ca writes: > Richard Kettlewell <invalid@invalid.invalid> wrote: >> They do different things, so it’s not clear why you’d compare them. > > Screenshots are at https://easthope.ca/XtermVersusTelnet.png . > I recognize that the window frames and fonts differ. Window contents > are similar and functionalities for a user are similar. You’re comparing xterm with the Oberon environment creating a window and connect it to the input and output of ‘telnet localhost’; not quite what you originally askled about. >> A telnetd without a password will allow lateral movement from other >> UIDs. > > A password is required to log in to the system In the configuration described at https://en.wikibooks.org/wiki/Oberon/ETH_Oberon, no password is required to log in via telnet. A completely insecure configuration and irresponsible of whoever wrote that page to recommend it, IMO. What Oberon _should_ be doing here is creating a psuedoterminal and running the shell inside it (which is what xterm does internally). > and I am the only person with accounts. The root account and a user > account. Please outline how lateralization can happen. In this case by lateral movement I mean an attacker who has compromised one UID escalating privilege to another UID. In this case, it’s as simple as “telnet localhost”. -- https://www.greenend.org.uk/rjk/
Back to comp.security.misc | Previous | Next — Previous in thread | Next in thread | Find similar
Terminals in X Window System. peter@easthope.ca - 2025-03-12 06:41 -0700
Re: Terminals in X Window System. Marco Moock <mm@dorfdsl.de> - 2025-03-12 17:08 +0100
Re: Terminals in X Window System. Richard Kettlewell <invalid@invalid.invalid> - 2025-03-12 19:31 +0000
Re: Terminals in X Window System. peter@easthope.ca - 2025-03-13 08:28 -0700
Re: Terminals in X Window System. Marco Moock <mm@dorfdsl.de> - 2025-03-13 20:10 +0100
Re: Terminals in X Window System. Grant Taylor <gtaylor@tnetconsulting.net> - 2025-03-13 21:38 -0500
Re (2): Terminals in X Window System. peter@easthope.ca - 2025-03-14 13:09 -0700
Re: Re (2): Terminals in X Window System. Richard Kettlewell <invalid@invalid.invalid> - 2025-03-14 21:04 +0000
Re (3): Terminals in X Window System. peter@easthope.ca - 2025-03-16 08:21 -0700
Re: Re (3): Terminals in X Window System. Richard Kettlewell <invalid@invalid.invalid> - 2025-03-16 16:13 +0000
Re: Terminals in X Window System. William Unruh <unruh@invalid.ca> - 2025-03-19 15:52 +0000
Re: Terminals in X Window System. Richard Kettlewell <invalid@invalid.invalid> - 2025-03-13 21:11 +0000
Re: Terminals in X Window System. peter@easthope.ca - 2025-03-23 11:23 -0700
Re: Terminals in X Window System. Richard Kettlewell <invalid@invalid.invalid> - 2025-03-23 19:34 +0000
Re (2): Terminals in X Window System. peter@easthope.ca - 2025-03-23 22:02 -0700
Re: Terminals in X Window System. William Unruh <unruh@invalid.ca> - 2025-03-26 06:02 +0000
csiph-web