oss-sec mailing list archives

Re: CVE request: screen stack overflow (deep recursion)


From: Solar Designer <solar () openwall com>
Date: Thu, 3 Sep 2015 14:16:34 +0300

This is slightly off-topic for the current thread, but I think it is of
interest to oss-security subscribers in general:

On Thu, Sep 03, 2015 at 09:36:29AM +0300, Solar Designer wrote:
> On Thu, Sep 03, 2015 at 05:25:11AM +0000, Fiedler Roman wrote:
> > What about "tail -f /var/log/syslog", Apache or other kind of logs for
> > debugging? [Yes, that's often how logs are running over the screen in videos
> > when talking about IT-security]. It's convenient and I'm using screen
> > exactly to avoid any injection of commands via TIOCSTI into my current TTY
> > when a context switch is needed before starting tail, e.g. when working with
> > LXC containers.
>
> "tail -f" on a log file is indeed very common, but it is bad practice
> (akin to other very common bad practices like a sysadmin going into a
> user's homedir as root).  A safer alternative in terms of terminal
> escapes is the "F" keypress in "less -nU" (or in "less -nUEX" to more
> closely resemble "tail -f").  Unfortunately, I am not aware of a
> command-line option that would do this (that is, assume that "F" was
> pressed right away) - perhaps one should be added, if it's not already
> in there.

Dmitry V. Levin pointed out to me off-list that less already provides a
way to specify its normally interactive commands on the command line.
The man page says:

       +cmd   Causes the specified cmd to be executed each time a new file  is
              examined.  For example, +G causes less to initially display each
              file starting at the end rather than the beginning.

and indeed e.g. "less -nUEX +F" works as desired.

Unfortunately, less is more complicated and has greater
attack surface than tail.  Maybe this can be partially mitigated by
using the C locale with it (no UTF-8), but I did not look into that.

Alexander
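
The following is an added example, not part of the original message and not code from less or tail. It checks a log for the raw control bytes a terminal would interpret under "tail -f", prints the offending lines in caret notation, and wraps the "less -nUEX +F" invocation from the message. The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: function names and sample data are constructed.

# Bracket expression matching raw control bytes except TAB and LF
# (ESC, CR, backspace, DEL, ...), built from octal escapes.
CTRL=$(printf '[\001-\010\013-\037\177]')

# Write a small constructed log; line 2 carries a colour escape sequence
# inside a field that a remote client could influence.
make_sample_log() {
    {
        printf 'Sep  3 14:00:01 host sshd[101]: Accepted publickey for alice\n'
        printf 'Sep  3 14:00:02 host httpd[202]: GET /\033[31mred\033[0m 404\n'
        printf 'Sep  3 14:00:03 host cron[303]: job finished\n'
    } > "$1"
}

# Print the number of lines that contain raw control bytes.
count_control_lines() {
    [ -r "$1" ] || return 2
    # grep -c exits 1 when the count is 0; that is not an error here.
    LC_ALL=C grep -c -e "$CTRL" -- "$1" || true
}

# Print those lines with line numbers, control bytes shown as ^X so the
# terminal does not act on them. "cat -v" is a common extension
# (GNU, BSD, busybox), not part of POSIX.
show_control_lines() {
    [ -r "$1" ] || return 2
    LC_ALL=C grep -n -e "$CTRL" -- "$1" | cat -v
}

# Follow a log interactively with the options quoted in the message:
# +F makes less start in follow mode, as if "F" had been pressed.
follow_log() {
    less -nUEX +F -- "$1"
}
```

Run `count_control_lines` and `show_control_lines` on a file before viewing it; `follow_log` is meant for an interactive terminal, because less copies its input through unchanged when its output is not a terminal.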

