oss-sec mailing list archives
Re: terminal emulators' processing of escape sequences
From: Marc Lehmann <schmorp () schmorp de>
Date: Thu, 18 May 2017 04:39:50 +0200
On Wed, May 17, 2017 at 01:05:30PM +0200, Solar Designer <solar () openwall com> wrote:
You're right that we provided "little to no information" - sorry. I'll correct this now. Jason's e-mail was in part prompted by my off-list message to him, where I wrote about this issue (or non-issue depending on one's perspective):
Thanks a lot, this makes a lot more sense. The confusing part was that the patch sent by Jason in his mail had nothing to do with this issue.
I think it's pretty bad, because unlike many other terminals' automated responses triggered by escapes, this one includes a linefeed.
I agree - rxvt-unicode shouldn't reply with a LF when in secure mode (this is a policy). The sequence in question is also not used (or even usable, as it queries the original rxvt graphics mode which is not implemented in urxvt), so the next version will have it disabled, at least in secure mode (the default).
The risk probability is low, but this is nevertheless a valid security issue to patch.
I agree, it is a reasonable defense in depth mechanism where the benefit clearly outweighs the disadvantages.
(The pasted text appears to vary between "0" and "1".)
urxvt always replies with "\033G0\012" to indicate "graphics mode not supported". It's quite possible the the original rxvt replies with other sequences.
Thus, a sentiment expressed in past discussions in here is that terminal emulators shouldn't have the riskiest escape sequences supported by default. It is fully expected that malicious escape sequences can make
Again, I fully agree - I just couldn't make the connection between the patch sent and these "riskiest escape sequences". -- The choice of a Deliantra, the free code+content MORPG -----==- _GNU_ http://www.deliantra.net ----==-- _ generation ---==---(_)__ __ ____ __ Marc Lehmann --==---/ / _ \/ // /\ \/ / schmorp () schmorp de -=====/_/_//_/\_,_/ /_/\_\
Current thread:
- Re: terminal emulators' processing of escape sequences, (continued)
- Re: terminal emulators' processing of escape sequences Jason A. Donenfeld (May 17)
- Re: terminal emulators' processing of escape sequences Marc Lehmann (May 16)
- Re: terminal emulators' processing of escape sequences Robert Święcki (May 17)
- AW: terminal emulators' processing of escape sequences Fiedler Roman (May 17)
- Re: terminal emulators' processing of escape sequences Daniel Kahn Gillmor (May 17)
- Re: terminal emulators' processing of escape sequences Robert Święcki (May 17)
- Re: terminal emulators' processing of escape sequences Robert Święcki (May 17)
- Re: terminal emulators' processing of escape sequences Daniel Kahn Gillmor (May 18)
- Re: terminal emulators' processing of escape sequences Tavis Ormandy (May 19)
- Re: terminal emulators' processing of escape sequences Solar Designer (May 17)
- Re: terminal emulators' processing of escape sequences Marc Lehmann (May 17)
- rxvt-unicode "insecure" setting [Was: terminal emulators' processing of escape sequences] Ian Zimmerman (May 17)
- Re: terminal emulators' processing of escape sequences Dominique Martinet (May 17)
- Re: terminal emulators' processing of escape sequences Guido Berhoerster (May 03)
- Re: terminal emulators' processing of escape sequences Ryan Munz (May 08)