Date: Tue, 10 Apr 2018 13:02:27 +0200
From: Christian Brabandt <cb@...bit.org>
To: oss-security@...ts.openwall.com
Subject: Re: Terminal Control Chars

On Tue, 10 Apr 2018, Gordo Lowrey wrote:

> On Mon, Mar 5, 2018 at 11:50 AM, up201407890@...nos.dcc.fc.up.pt wrote:
> >The correct solution would be to disallow the pasting of certain control
> >characters.

FWIW: The vim PoC has been "fixed" as of
https://github.com/vim/vim/releases/tag/v8.0.1587

> I'm just gonna go out on a limb here, and say this is an unfounded
> assertion.
>
> Perhaps the correct solution would be to prevent the browser from copying
> invisible characters.
>
> If you're going to break some basic mechanic of human computer interaction,
> at least don't break my damn terminal (not that I use VTE, it doesn't
> support OSC 52, among others), but the principle stands... Instead of
> worrying about sanitizing what is pasted, why not worry about sanitizing
> what is copied instead?

That was also the conclusion on the vim-dev list. There is a similar
Debian bug report against rxvt-unicode where the same conclusion is
drawn:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787628#15

And the corresponding Mozilla/Firefox bug:
https://bugzilla.mozilla.org/show_bug.cgi?id=637895

Best,
Christian