![]() |
|
Date: Mon, 08 May 2017 08:31:41 -0400 From: Ryan Munz <gcoc.devops@...il.com> To: <oss-security@...ts.openwall.com> Subject: Re: terminal emulators' processing of escape sequences iTerm2 would be another excellent test target as it is very popular. On 5/7/17, 10:03 PM, "Shiz" <hi@...z.me> wrote: > On 1 May 2017, at 18:44, Solar Designer <solar@...nwall.com> wrote: > > Unfortunately, I did not record which terminal emulators did not crash > for me. However, Jason recorded both kinds of results for him, coming > up with: > > Konsole: no crash > Xterm: no crash > rxvt: crash > Yakuake: no crash > Mosh (which is a terminal emulator, after all): no crash > Screen: 100% CPU usage --> DoS > rxvt-unicode: no crash > Qterminal: no crash > putty: no crash > > This adds "screen" to terminal emulators with problematic processing of > terminal escapes. Due to minor known impact, we did not handle this > under embargo - it should be investigated and fixed now, in public. Despite not being open source and thus unfit for the list, I can confirm this also causes high CPU usage for macOS Terminal.app, version 2.7.1 (387), as shipped on macOS 10.12.1. - Shiz
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.