Date: Fri, 19 May 2017 21:58:58 +0300 From: Yui Hirasawa <yui@...k.li> To: oss-security@...ts.openwall.com Subject: Re: terminal emulators' processing of escape sequences On Wed, May 17, 2017 at 02:25:52AM +0200, Robert Święcki wrote: > Hi, > > 2017-05-17 0:03 GMT+02:00 Solar Designer <solar@...nwall.com>: > > > > Jason, Robert - > > > > On Tue, May 02, 2017 at 12:05:27AM +0200, Robert ??wi??cki wrote: > > > A harmless example from rxvt - pushing back the new-line character: > > > > > > $ echo -ne "\eGQ;" > > > ;$ 0 > > > bash: 0: command not found > > > > Does this also affect rxvt-unicode? > > Yes, > > Tested with rxvt-unicode-9.22 > > $ echo -ne "\eGQ;" > ;$ 0 > bash: 0: command not found > $ For me on rxvt-unicode 9.22 this command goes into command mode and executes the first command in the history, thanks to vi-mode in bash. In clear history it of course goes into infinite loop of re-executing itself. Also works with the more portable `printf "\033GQ;"`
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ