Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 19 May 2017 21:58:58 +0300
From: Yui Hirasawa <yui@...k.li>
To: oss-security@...ts.openwall.com
Subject: Re: terminal emulators' processing of escape sequences

On Wed, May 17, 2017 at 02:25:52AM +0200, Robert Święcki wrote:
> Hi,
>
> 2017-05-17 0:03 GMT+02:00 Solar Designer <solar@...nwall.com>:
> >
> > Jason, Robert -
> >
> > On Tue, May 02, 2017 at 12:05:27AM +0200, Robert ??wi??cki wrote:
> > > A harmless example from rxvt - pushing back the new-line character:
> > >
> > > $ echo -ne "\eGQ;"
> > > ;$ 0
> > > bash: 0: command not found
> >
> > Does this also affect rxvt-unicode?
>
> Yes,
>
> Tested with rxvt-unicode-9.22
>
> $ echo -ne "\eGQ;"
> ;$ 0
> bash: 0: command not found
> $

For me on rxvt-unicode 9.22 this command goes into command mode and
executes the first command in the history, thanks to vi-mode in bash.

In clear history it of course goes into infinite loop of re-executing
itself.

Also works with the more portable `printf "\033GQ;"`

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ