Date: Mon, 08 May 2017 08:31:41 -0400
From: Ryan Munz <gcoc.devops@...il.com>
To: <oss-security@...ts.openwall.com>
Subject: Re: terminal emulators' processing of escape sequences

iTerm2 would be another excellent test target as it is very popular.

On 5/7/17, 10:03 PM, "Shiz" <hi@...z.me> wrote:

    > On 1 May 2017, at 18:44, Solar Designer <solar@...nwall.com> wrote:
    > 
    > Unfortunately, I did not record which terminal emulators did not crash
    > for me.  However, Jason recorded both kinds of results for him, coming
    > up with:
    > 
    > Konsole: no crash
    > Xterm: no crash
    > rxvt: crash
    > Yakuake: no crash
    > Mosh (which is a terminal emulator, after all): no crash
    > Screen: 100% CPU usage --> DoS
    > rxvt-unicode: no crash
    > Qterminal: no crash
    > putty: no crash
    > 
    > This adds "screen" to terminal emulators with problematic processing of
    > terminal escapes.  Due to minor known impact, we did not handle this
    > under embargo - it should be investigated and fixed now, in public.
    
    Despite not being open source and thus unfit for the list, I can confirm this
    also causes high CPU usage for macOS Terminal.app, version 2.7.1 (387),
    as shipped on macOS 10.12.1.
    
    - Shiz
    

