oss-sec mailing list archives
ansi escape sequence injection into ubuntu's add-apt-repository
From: "Jason A. Donenfeld" <Jason () zx2c4 com>
Date: Mon, 3 Aug 2020 16:41:37 +0200
Hi,

I've found a rather low grade concern: I'm able to inject ANSI escape sequences into PPA descriptions on Launchpad, and then have them rendered by add-apt-repository *before* the user consents to actually adding that repository. There might be some sort of trust barrier issue with that. This could be used to clear the screen and imitate a fresh bash prompt, upload files, dump the current screen to a file, or other classic shenanigans, well chronicled in the archives of oss-sec.

PoC time -- I'm using this "feature" for good at the moment to announce the deprecation in bold text of a PPA that I maintain: https://data.zx2c4.com/add-apt-repository-ansi-injection.png

The proper fix to this is likely to do sanitization on the add-apt-repository side.

Regards,
Jason
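The sanitization suggested in the message above, sketched as an added example (not part of the original post and not add-apt-repository's own code): a Python filter that strips ECMA-48 escape sequences and any remaining control characters from untrusted text before it reaches the terminal. The function name `sanitize_for_terminal` and the sample description are constructed for illustration.

```python
import re
import unicodedata

# Constructed sample: a remote description carrying a bold SGR sequence,
# an OSC window-title change, a clear-screen, and a raw C1 CSI (U+009B).
SAMPLE_DESCRIPTION = (
    "Tools PPA\n"
    "\x1b[1mDEPRECATED\x1b[0m: use the new archive\n"
    "\x1b]0;fake title\x07"
    "\x1b[2J\x1b[Huser@host:~$ \r\n"
    "caf\u00e9 \u2713\x9b31m"
)

# ECMA-48 sequences introduced by ESC, tried in this order:
_ESCAPES = re.compile(
    r"\x1b\[[0-?]*[ -/]*[@-~]"           # CSI: parameters, intermediates, final
    r"|\x1b[\]PX^_].*?(?:\x07|\x1b\\)"   # OSC/DCS/SOS/PM/APC up to BEL or ST
    r"|\x1b[ -/]*[0-~]",                 # any other (or truncated) ESC sequence
    re.DOTALL,
)


def sanitize_for_terminal(text: str) -> str:
    """Return text safe to print: escape sequences are removed first, then
    every remaining control character (C0, DEL, C1) except newline and tab."""
    text = _ESCAPES.sub("", text)
    return "".join(
        ch for ch in text
        if ch in "\n\t" or unicodedata.category(ch) != "Cc"
    )


if __name__ == "__main__":
    # repr() makes it visible that no ESC, BEL, CR or C1 byte survives.
    print(repr(sanitize_for_terminal(SAMPLE_DESCRIPTION)))
```

Printable non-ASCII text is preserved; only the sequences and control characters are dropped, so a spoofed prompt degrades to ordinary visible text inside the description.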