oss-sec mailing list archives
Re: terminal emulators' processing of escape sequences
From: Shiz <hi () shiz me>
Date: Mon, 8 May 2017 04:03:24 +0200
On 1 May 2017, at 18:44, Solar Designer <solar () openwall com> wrote: Unfortunately, I did not record which terminal emulators did not crash for me. However, Jason recorded both kinds of results for him, coming up with: Konsole: no crash Xterm: no crash rxvt: crash Yakuake: no crash Mosh (which is a terminal emulator, after all): no crash Screen: 100% CPU usage --> DoS rxvt-unicode: no crash Qterminal: no crash putty: no crash This adds "screen" to terminal emulators with problematic processing of terminal escapes. Due to minor known impact, we did not handle this under embargo - it should be investigated and fixed now, in public.
Despite not being open source and thus unfit for the list, I can confirm this also causes high CPU usage for macOS Terminal.app, version 2.7.1 (387), as shipped on macOS 10.12.1. - Shiz
Attachment:
signature.asc
Description: Message signed with OpenPGP
Current thread:
- Re: terminal emulators' processing of escape sequences, (continued)
- Re: terminal emulators' processing of escape sequences Robert Święcki (May 17)
- Re: terminal emulators' processing of escape sequences Daniel Kahn Gillmor (May 18)
- Re: terminal emulators' processing of escape sequences Tavis Ormandy (May 19)
- Re: terminal emulators' processing of escape sequences Solar Designer (May 17)
- Re: terminal emulators' processing of escape sequences Marc Lehmann (May 17)
- rxvt-unicode "insecure" setting [Was: terminal emulators' processing of escape sequences] Ian Zimmerman (May 17)
- Re: terminal emulators' processing of escape sequences Dominique Martinet (May 17)
- Re: terminal emulators' processing of escape sequences Guido Berhoerster (May 03)
- Re: terminal emulators' processing of escape sequences Ryan Munz (May 08)