oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: terminal emulators' processing of escape sequences

From: Marc Lehmann <schmorp () schmorp de>
Date: Wed, 17 May 2017 03:23:14 +0200
On Wed, May 17, 2017 at 12:15:55AM +0200, "Jason A. Donenfeld" <Jason () zx2c4 com> wrote:

On Wed, May 17, 2017 at 12:03 AM, Solar Designer <solar () openwall com> wrote:

Jason, Robert -

On Tue, May 02, 2017 at 12:05:27AM +0200, Robert ??wi??cki wrote:

A harmless example from rxvt - pushing back the new-line character:

$ echo -ne "\eGQ;"
;$ 0
bash: 0: command not found


Does this also affect rxvt-unicode?


It does, actually. I've CCd rxvt-unicode upstream on this in order to
hear their assessment.


There can't be an assessment without knowledge of what to assess - there
is little to no information in your mail. I can only guess that somebody
for the hundredth time found out that terminals are more than dumb
display devices and got excited that, somehow, this might be a security
issue. Without knowing details, I can't say for sure, but most likely,
this is a security issue the same way blindly feeding unknown commands to
your shell is, i.e., it's a problem somewhere else - the protocol between
terminals and programs is not a (strong) security barrier.

(your echo command is bash-specific, btw.)

-- 
                The choice of a       Deliantra, the free code+content MORPG
      -----==-     _GNU_              http://www.deliantra.net
      ----==-- _       generation
      ---==---(_)__  __ ____  __      Marc Lehmann
      --==---/ / _ \/ // /\ \/ /      schmorp () schmorp de
      -=====/_/_//_/\_,_/ /_/\_\
Previous By Date Next
Previous By Thread Next

Current thread: