Date: Mon, 31 Aug 2015 22:41:53 -0700 From: Michal Zalewski <lcamtuf@...edump.cx> To: oss-security <oss-security@...ts.openwall.com>, Hanno Böck <hanno@...eck.de> Subject: Re: Terminal escape sequences - the new XSS for admins? > This is why I am not happy about this thread's apparent decision to > dismiss unsafe handling of likely terminal escapes (the known ranges) in > untrusted input in individual programs as long as there are no known > worse-than-DoS intentional features in modern terminal emulators. > I would be happier to have this layer of security as well. Besides, DoS > issues are a concern too, and are obviously available as intentional > features in typical terminal emulators. I definitely think it deserves a closer look. Here are three recent finds that kcwu reported after apparently testing GNU screen with afl-fuzz: https://savannah.gnu.org/bugs/?45713 https://savannah.gnu.org/bugs/?45715 https://savannah.gnu.org/bugs/?45714 While I suspect that command injection bugs (the thing that started the thread) are fairly rare, I fully expect that escape sequence handling is under-audited and that there's plenty of mem corruption bugs to be found. (Cc:ing Hanno in case he wants to have a look.) /mz
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ