The title says it mostly. I'm auditing the security of a terminal-based application on AIX, and the way you use it is to connect to it remotely through telnet, where the ".profile" of the telnet user used to log in contains a "trap 1 2 3" command, and then immediately after that executes the terminal application in question.

My question is therefore: Since this trap command apparently does not trap SIGSEGV (contrary to SIGHUP, SIGINT and SIGQUIT, corresponding to the "1 2 3"), would it be possible for me to break out to the shell prompt if I can just somehow cause a segmentation fault from inside the program?

(Oh, and for extra points, are there any signals other than 1, 2, 3 (and now possibly SIGSEGV) that must be trapped in order to prevent successful break-out to the shell prompt?)

  • I think the fact that this is using telnet should maybe be a higher priority... – EEAA Feb 18 '15 at 23:49
  • I didn't want to confuse the question by mentioning SSH etc., but sure, SSH can be used too, so please let's focus on the specific question if possible – QuestionOverflow Feb 18 '15 at 23:52
  • Fair enough. It's still worth mentioning though, at the very least to let us know you're aware that telnet is not ideal. You lose a certain amount of credibility (whether fair or not) when discussing auditing the security of an application that is accessed over telnet. – EEAA Feb 18 '15 at 23:54
  • Sure, I get your point, no problem. – QuestionOverflow Feb 18 '15 at 23:58
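
An added example, not part of the original question or its comments: a check of whether the shell that runs a `.profile` outlives the application it starts, comparing a child-process launch with an `exec` launch when the application ends on SIGSEGV. Since the difference comes from the process layout rather than the trap list, the same check holds for any terminating signal. Assumptions: the ignoring form `trap '' 1 2 3`, a stand-in script in place of the real application, hypothetical file names, and plain `sh` in place of an AIX telnet login.

```shell
#!/bin/sh
# Constructed demo; every file name here is hypothetical.
demo_dir=$(mktemp -d)

# Stand-in for the terminal application: it terminates itself with SIGSEGV.
cat > "$demo_dir/app" <<'EOF'
#!/bin/sh
kill -s SEGV $$
EOF
chmod +x "$demo_dir/app"

# Layout like the one in the question: traps first, then the application
# started as a child of the login shell.
cat > "$demo_dir/profile_child" <<EOF
trap '' 1 2 3
"$demo_dir/app"
echo "login shell still running (application status \$?)"
EOF

# Hardened layout: exec replaces the login shell with the application,
# so no shell process remains once the application ends.
cat > "$demo_dir/profile_exec" <<EOF
trap '' 1 2 3
exec "$demo_dir/app"
echo "login shell still running"
EOF

# Succeeds if the shell running the given profile outlives the application.
shell_survives() {
    out=$(sh "$demo_dir/$1" 2>/dev/null) || true
    case $out in
        *"still running"*) return 0 ;;
        *) return 1 ;;
    esac
}

for p in profile_child profile_exec; do
    if shell_survives "$p"; then
        echo "$p: shell outlives the application"
    else
        echo "$p: session ends with the application"
    fi
done
```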

0 Answers