Control Character attacks on line printer log devices

Control Character attacks on line printer log devices

Post by Ian Jone » Fri, 10 May 2002 10:00:44



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[...]

Quote:> on how line printers used as supposedly secure logging devices might
> actually be subverted by getting it to accept control characters.

This is a concern for non-printed logs too. There was a bugtraq today
about CR/LF hazards. IIRC, there was a published advisory for apache
last year on much the same thing.

Hmmm, time to review my syslog sources to see if a filter might be in
order.

-----BEGIN PGP SIGNATURE-----
Comment: Keeping the world safe for geeks.

iD8DBQE82co7wBVKl/Nci0oRApLTAJwJXk5Yq2GzEBrXc1ojHSknzXUrBgCgoh+x
PeN4HsznvW7tUDTRXzOfTC8=
=akG3
-----END PGP SIGNATURE-----

 
 
 

1. can't print out line feed and carriage return (control character) on a network printer.

Hi All,

I have config. a print queue on solaris 8 (x86 ver), but all the result is
wrong (I just type something (text) by vi), because all the line feed and
carriage return not function on the output, did anyone how to make the
control character can print out like produce by the printer driver on m$
windows (because I just using lpr to connect to the network printer, and
there have no driver support on unix) ?

Thanks alot
SK

2. raid5 & solaris

3. telnet line-by-line to character-by-character

4. Okipage 4x under Linux?

5. Apache: escaping control characters in logs

6. Audit collection file inode table overflow

7. echoing control-characters from the command-line

8. How to disable intr?

9. Printing control characters to a printer with LPR

10. filter esc / control characters to text only printer

11. character device, block device , raw device?

12. reading printer control lines under SVR4

13. Help sending control codes to line printer