oss-sec mailing list archives
Re: Terminal escape sequences - the new XSS for admins?
From: Stephane Chazelas <stephane.chazelas () gmail com>
Date: Tue, 11 Aug 2015 22:06:48 +0100
2015-08-11 16:29:04 -0400, Steve Grubb: [....]
A lot were based on the vte package. So, I dug into the vte package. In the file, vteseq.c, is this: case 21: /* Report a static window title, since the real window title should NEVER be reported, as it creates a security vulnerability. See http://marc.info/?l=bugtraq&m=104612710031920&w=2 and CVE-2003-0070. */ _vte_debug_print(VTE_DEBUG_PARSE, "Reporting fake window title.\n"); /* never use terminal->window_title here! */ g_snprintf (buf, sizeof (buf), _VTE_CAP_OSC "lTerminal" _VTE_CAP_ST); vte_terminal_feed_child(terminal, buf, -1); break; At this point, I was convinced that most major emulators are safe. That said...there are all the ones I didn't check including older ones. The older ones are likely to be the ones I'd be most concerned about.
[...] Yes, it's the kind of vulnerabilities that were exploited decades ago and were fixed then. Now, the authors of newer ones can forget about them. terminology has a few dangerous escape sequences (including reporting window title, but also reading arbitrary files and sending arbitrary HTTP requests), as discussed at http://unix.stackexchange.com/questions/213799/can-bash-write-to-its-own-input-stream/213821#comment362700_213805 -- Stephane
Current thread:
- Terminal escape sequences - the new XSS for admins? Kurt Seifried (Aug 11)
- Re: Terminal escape sequences - the new XSS for admins? Daniel Kahn Gillmor (Aug 11)
- Re: Terminal escape sequences - the new XSS for admins? Steve Grubb (Aug 11)
- Re: Terminal escape sequences - the new XSS for admins? Stephane Chazelas (Aug 11)
- Re: Terminal escape sequences - the new XSS for admins? Florian Weimer (Aug 11)
- Re: Terminal escape sequences - the new XSS for admins? Andy Lutomirski (Aug 11)
- Re: Re: Terminal escape sequences - the new XSS for admins? Steve Grubb (Aug 11)
- Re: Re: Terminal escape sequences - the new XSS for admins? Robert Święcki (Aug 12)
- Re: Re: Terminal escape sequences - the new XSS for admins? Dave Horsfall (Aug 12)
- Re: Terminal escape sequences - the new XSS for admins? Steve Grubb (Aug 11)
- Re: Terminal escape sequences - the new XSS for admins? Daniel Kahn Gillmor (Aug 11)
- Re: Terminal escape sequences - the new XSS for admins? Solar Designer (Aug 17)
- Re: Terminal escape sequences - the new XSS for admins? Michal Zalewski (Aug 31)
- Re: Terminal escape sequences - the new XSS for admins? Michal Zalewski (Aug 31)