oss-sec mailing list archives
Re: s/party/hack like it's 1999
From: Greg KH <greg () kroah com>
Date: Mon, 21 Sep 2015 09:53:37 -0700
On Mon, Sep 21, 2015 at 04:43:46PM +0000, David Holland wrote:
> On Sun, Sep 20, 2015 at 06:26:31AM +0300, Solar Designer wrote:
> > > Note that all that was needed for this to happen was for a stray C2
> > > byte from one writer to get injected just before the character-final
> > > 9B byte of a multibyte character from another writer. I specifically
> > > chose my example so that both writers output data which is well-formed
> > > and printable UTF-8, but that was not necessary.
> > >
> > > Since I see no reasonable application-side mitigation for this, I
> >
> > Yeah. A user's mitigation may be to avoid running multiple programs at
> > a time on a UTF-8 terminal. E.g. running "ps &" appears unsafe
> > (although is indeed unlikely to actually be used in a successful
> > attack), even if "ps" replaces control characters with question marks.
>
> I have been arguing for years (but without success) that vt bomb
> injection needs to be blocked in the tty driver. This problem
> (corruption of concurrent UTF-8 streams) needs to be too, as a matter
> of correctness and not even security.

How exactly would a tty driver "block" anything like this? A tty driver
never looks at the data stream in the kernel, as that way lies madness...

thanks,

greg k-h
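
The byte-level interleaving described in the quoted text, next to one conceivable form of stream-aware merging, modelled in user-space Python as an added example (not code from any poster in this thread and not kernel code). The two sample characters, the write schedule, all function names and the assumption that the terminal decodes like Python's `errors="replace"` are constructed for illustration.

```python
import codecs

# Constructed write schedule: (writer, bytes handed to the tty in one write).
# Writer A emits U+011B (C4 9B), writer B emits U+00A9 (C2 A9); both are
# well-formed, printable UTF-8 on their own.
CHUNKS = [("A", b"\xc4"), ("B", b"\xc2"), ("A", b"\x9b"), ("B", b"\xa9")]


def merge_raw(chunks):
    """Byte stream the terminal sees: writes concatenated in arrival order."""
    return b"".join(data for _, data in chunks)


def decode_like_terminal(raw):
    """Assumption: the terminal resynchronises on bad bytes as Python does."""
    return raw.decode("utf-8", errors="replace")


def merge_per_writer(chunks):
    """Hypothetical fix: one decoder per writer, emit only complete characters."""
    decoders, out = {}, []
    for writer, data in chunks:
        dec = decoders.setdefault(
            writer, codecs.getincrementaldecoder("utf-8")(errors="replace"))
        out.append(dec.decode(data))  # "" while a character is still incomplete
    # Sequences still unfinished at end of input are flushed as U+FFFD.
    out.extend(dec.decode(b"", final=True) for dec in decoders.values())
    return "".join(out)


def c1_controls(text):
    """C1 control characters (U+0080..U+009F) present in decoded text."""
    return [f"U+{ord(ch):04X}" for ch in text if 0x80 <= ord(ch) <= 0x9F]


if __name__ == "__main__":
    raw = merge_raw(CHUNKS)
    print(raw.hex(" "), "->", c1_controls(decode_like_terminal(raw)))
    safe = merge_per_writer(CHUNKS)
    print(safe.encode().hex(" "), "->", c1_controls(safe))
```

The raw merge decodes to U+FFFD, U+009B, U+FFFD, so a C1 control character appears that neither writer sent; the per-writer merge yields only the two printable characters.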