Bug#797882: Iceweasel can read character devices.

BERBAR Florian florian.berbar at free.fr
Thu Sep 3 10:27:48 UTC 2015


Package: iceweasel
Version: 38.2.1esr-1~deb8u1


Dear maintainers,

Iceweasel allows opening character devices owned by the user who runs
Iceweasel. After opening a character device, Iceweasel can print
strings from it. For example, this issue can be used locally to get
partial terminal keyboard input from '/dev/pts/*' character devices.


Description of bug:
---------------------
Opening a terminal with a terminal emulator in a graphical session
creates a character device called a pseudoterminal slave. This device is
created as a number in the /dev/pts directory and it is owned by the user
who opened the terminal window. Iceweasel is able to open this kind of
device and print some keyboard input from a pseudoterminal slave device.


The bug exploitation:
----------------------

- Open the URL file:///dev/pts/<id>: you will see the terminal
identified by <id> become slower and Iceweasel loading the URL.
- Type some text in the slowed terminal (it will take some time to print
the typed characters on the emulated terminal).
- Kill the terminal emulator window to let Iceweasel print the
information leaked from the character device.


Best regards and thank you.

Florian

