Bugtraq mailing list archives
RE: Terminal Emulator Security Issues
From: "Kenn Humborg" <kenn () bluetree ie>
Date: Mon, 3 Mar 2003 17:43:28 -0000
After further investigation, I'd like to point out the following: Eterm has *never* allowed any control characters in its title/icon name sequences. The following bit of code has existed at least since Eterm was first committed to CVS: else if (ch < ' ') return; /* control character - exit */ in term.c::process_xterm_seq(), line 1270 or so. So there was never any way to get escape sequences in the title to begin with, meaning that the command cannot be hidden using any character attributes or background/foreground color matching.
What about the CSI character, code 155 (128+27), which DEC terminals (from at least vt220) interpret as a "shorthand" for "ESC ["? http://vt100.net/docs/vt220-rm/chapter2.html#S2.5.2 Later, Kenn
Current thread:
- Re: Terminal Emulator Security Issues Michael Jennings (Mar 03)
- RE: Terminal Emulator Security Issues Kenn Humborg (Mar 03)
- Re: Terminal Emulator Security Issues Michael Jennings (Mar 03)
- RE: Terminal Emulator Security Issues Kenn Humborg (Mar 03)