Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 7 Jan 2013 23:23:49 +0100
From: vladz <>
Subject: /dev/ptmx timing

Hi list,

I noticed that it was possible to measure inter-keystrokes timing thanks
to the /dev/ptmx character device.  Any local user that is using
pseudo-terminal can be targeted.

As it may also be used to disclose sensible information such as password
length, I was wondering if it should be treat as a security issue?                      

Description + PoC:

No sure right now but I think the only way to solve this is to modify
the pts handling at kernel level.  Any opinions on that?


Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ