Groups | Search | Server Info | Login | Register

Groups > comp.security.misc > #1570

Re: Terminals in X Window System.

Show key headers only | View raw

peter@easthope.ca writes:
> Richard Kettlewell <invalid@invalid.invalid> wrote: 
>> They do different things, so it’s not clear why you’d compare them.
>
> Screenshots are at https://easthope.ca/XtermVersusTelnet.png . 
> I recognize that the window frames and fonts differ. Window contents 
> are similar and functionalities for a user are similar.

You’re comparing xterm with the Oberon environment creating a window and
connect it to the input and output of ‘telnet localhost’; not quite what
you originally askled about.

>> A telnetd without a password will allow lateral movement from other
>> UIDs.
>
> A password is required to log in to the system

In the configuration described at
https://en.wikibooks.org/wiki/Oberon/ETH_Oberon, no password is required
to log in via telnet. A completely insecure configuration and
irresponsible of whoever wrote that page to recommend it, IMO.

What Oberon _should_ be doing here is creating a psuedoterminal and
running the shell inside it (which is what xterm does internally). 

> and I am the only person with accounts.  The root account and a user
> account.  Please outline how lateralization can happen.

In this case by lateral movement I mean an attacker who has compromised
one UID escalating privilege to another UID. In this case, it’s as
simple as “telnet localhost”.

-- 
https://www.greenend.org.uk/rjk/

Back to comp.security.misc | Previous | Next — Previous in thread | Next in thread | Find similar

Thread

Terminals in X Window System. peter@easthope.ca - 2025-03-12 06:41 -0700
  Re: Terminals in X Window System. Marco Moock <mm@dorfdsl.de> - 2025-03-12 17:08 +0100
    Re: Terminals in X Window System. Richard Kettlewell <invalid@invalid.invalid> - 2025-03-12 19:31 +0000
    Re: Terminals in X Window System. peter@easthope.ca - 2025-03-13 08:28 -0700
      Re: Terminals in X Window System. Marco Moock <mm@dorfdsl.de> - 2025-03-13 20:10 +0100
        Re: Terminals in X Window System. Grant Taylor <gtaylor@tnetconsulting.net> - 2025-03-13 21:38 -0500
        Re (2): Terminals in X Window System. peter@easthope.ca - 2025-03-14 13:09 -0700
          Re: Re (2): Terminals in X Window System. Richard Kettlewell <invalid@invalid.invalid> - 2025-03-14 21:04 +0000
            Re (3): Terminals in X Window System. peter@easthope.ca - 2025-03-16 08:21 -0700
              Re: Re (3): Terminals in X Window System. Richard Kettlewell <invalid@invalid.invalid> - 2025-03-16 16:13 +0000
        Re: Terminals in X Window System. William Unruh <unruh@invalid.ca> - 2025-03-19 15:52 +0000
      Re: Terminals in X Window System. Richard Kettlewell <invalid@invalid.invalid> - 2025-03-13 21:11 +0000
        Re: Terminals in X Window System. peter@easthope.ca - 2025-03-23 11:23 -0700
          Re: Terminals in X Window System. Richard Kettlewell <invalid@invalid.invalid> - 2025-03-23 19:34 +0000
            Re (2): Terminals in X Window System. peter@easthope.ca - 2025-03-23 22:02 -0700
          Re: Terminals in X Window System. William Unruh <unruh@invalid.ca> - 2025-03-26 06:02 +0000

csiph-web