Re: making Debian secure by default

To: Andy Smith <andy@strugglers.net>
Cc: debian-user@lists.debian.org
Subject: Re: making Debian secure by default
From: Lee <ler762@gmail.com>
Date: Thu, 28 Mar 2024 00:42:28 -0400
Message-id: <[🔎] CAD8GWss+NgZex2i0LQRbQZGs7u1tMfK6Ci-yvaU9bL7NMvkWcg@mail.gmail.com>
In-reply-to: <ZgSvKK2vZ/Wpg7dP@mail.bitfolk.com>
References: <[🔎] CAD8GWssBoRrCzW0TSUGxMeuY=y_bTM-nMuSO7_4g1Kyk79fgqQ@mail.gmail.com> <[🔎] dda6351e-2bc9-450d-8f20-a7305c4b9d2c@gmail.com> <ZgSvKK2vZ/Wpg7dP@mail.bitfolk.com>

On Wed, Mar 27, 2024 at 10:22 PM Andy Smith wrote:
>
> Hello,
>
> On Thu, Mar 28, 2024 at 07:37:13AM +0800, jeremy ardley wrote:
> >   Some distros, like Debian, do not seem to have a command like
> >   command-not-found by default.
>
> […]
>
> > Which implies that Debian is secure by default against this particular
> > exploit
>
> I suspect if OP is worried about users potentially falling for a
> fake sudo password prompt then OP is probably not happy about all
> the other possibilities around putting arbitrary text on a user's
> terminal.

Yes, that.

I'm not thrilled with the idea of anybody putting arbitrary text on
someone else's terminal; what really concerns me is the ability to
send control codes.  Wasn't there some exploit that involved injecting
text and a control code that acted like a carriage return?

Lee

Reply to:

References:
- making Debian secure by default
  - From: Lee <ler762@gmail.com>
- Re: making Debian secure by default
  - From: jeremy ardley <jeremy.ardley@gmail.com>
- Re: making Debian secure by default
  - From: Andy Smith <andy@strugglers.net>

Prev by Date: Re: making Debian secure by default
Next by Date: Re: making Debian secure by default
Previous by thread: Re: making Debian secure by default
Next by thread: Re: making Debian secure by default
Index(es):
- Date
- Thread