Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 19 May 2017 10:31:34 -0700
From: Tavis Ormandy <taviso@...xchg8b.com>
To: oss-security@...ts.openwall.com
Subject: Re: terminal emulators' processing of escape sequences

Robert Święcki <robert@...ecki.net> wrote:

> Hi again,
> 
> > 2017-05-17 15:56 GMT+02:00 Daniel Kahn Gillmor
> > <dkg@...thhorseman.net>:
> > > > Please consider the following example:
> >>>
> > > > $ tail -n1 /etc/hosts | xxd 00000000: 3132 372e 302e 302e 3309 1b47
> > > > 513b 205a  127.0.0.3..GQ; Z 00000010: 5a5a 0a
> > > > ZZ. $ ping ZZZ PING ; (127.0.0.3) 56(84) bytes of data.
> > > > ^[G0 64 bytes from ; (127.0.0.3): icmp_seq=1 ttl=64 time=0.039 ms
> > > > ^[G0 64 bytes from ; (127.0.0.3): icmp_seq=2 ttl=64 time=0.032 ms
> > > > ^[G0 ^C --- ; ping statistics --- 2 packets transmitted, 2 received,
> > > > 0% packet loss, time 1014ms rtt min/avg/max/mdev =
> > > > 0.032/0.035/0.039/0.006 ms ^[G0 $ 0 bash: 0: command not found
> >>
> > > what version of ping are you using?  I was unable to replicate this
> > > with either the debian iputils-ping package version 3:20161105-1, or
> > > with debian inetutils-ping package version 2:1.9.4-2+b1.  neither of
> > > them seem to do a getnameinfo() at all if it is initially supplied
> > > with an IP address.
> >

Browsing through the commands rxvt supports, I noticed you can set arbitrary
X11 properties. That seems like the kind of thing some wm or de might trust
for soemthing important (like gtk modules, etc).

e.g.

$ printf "\e]3;%s=TEST\a" TEST_PROPERTY
$ xprop -id $WINDOWID TEST_PROPERTY
TEST_PROPERTY(UTF8_STRING) = "TEST"

The properties Gnome looks at are listed here, maybe you could cause some
confusion this way. Do other environments (Xfce, KDE, etc) support more
interesting properties?

https://wiki.gnome.org/Attic/ApplicationSpecification

Tavis.

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ