Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 8 May 2017 04:03:24 +0200
From: Shiz <hi@...z.me>
To: oss-security@...ts.openwall.com
Subject: Re: terminal emulators' processing of escape sequences

> On 1 May 2017, at 18:44, Solar Designer <solar@...nwall.com> wrote:
> 
> Unfortunately, I did not record which terminal emulators did not crash
> for me.  However, Jason recorded both kinds of results for him, coming
> up with:
> 
> Konsole: no crash
> Xterm: no crash
> rxvt: crash
> Yakuake: no crash
> Mosh (which is a terminal emulator, after all): no crash
> Screen: 100% CPU usage --> DoS
> rxvt-unicode: no crash
> Qterminal: no crash
> putty: no crash
> 
> This adds "screen" to terminal emulators with problematic processing of
> terminal escapes.  Due to minor known impact, we did not handle this
> under embargo - it should be investigated and fixed now, in public.

Despite not being open source and thus unfit for the list, I can confirm this
also causes high CPU usage for macOS Terminal.app, version 2.7.1 (387),
as shipped on macOS 10.12.1.

- Shiz

[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ