Hacker News new | ask | show | jobs
by ifh-hn 138 days ago
JavaScript has to escape the browser sandbox, does telnet have a similar sandbox? Or can it access the system directly?

I don't know the answer but if telnet can directly access the system that seems more dangerous irrespective of the attack surface.
2 comments
VMG 138 days ago
Telnet is "sandboxed" in that it can only output characters to your tty, however that in itself is quite a powerful primitive.

The ANSI control characters wield power of a huge stack of not very robust code

https://nvd.nist.gov/vuln/detail/CVE-2024-56803

link
kjs3 138 days ago
That's a very fair point, but on my system telnet is 211144 bytes. How big is a javascript runtime + browser + browser sandbox. I have no idea, but I'd be really surprised if it was less than 3 orders of magnitude bigger, and not at all surprised if it was 4 orders of magnitude bigger. There's just more places for things to go wrong.

And, telnet isn't installed by default on many systems. So...YMMV.

link