Date: Mon, 16 Apr 2018 10:15:00 +0200 From: Jakub Wilk <jwilk@...lk.net> To: oss-security@...ts.openwall.com Subject: Re: Re: Terminal Control Chars * David A. Wheeler <dwheeler@...eeler.com>, 2018-04-12, 17:18: >Russ Allbery: >>I think a useful definition of "control character" in this context >>(and I realize this doesn't exactly match the ASCII definition) is a >>character that results in an action other than insertion being >>taken... CR and LF would not be control characters in that definition, >>since they insert a newline and don't cause an action. Similarly, TAB >>wouldn't be a control character in that definition. > >As you noted, that definition doesn't match the ASCII definition, but I >also think it's misleading. If someone pastes a CR/LF into a shell >prompt, it certainly *DOES* cause an action, Similarly, tab is an "active" character in most shells. In the worst case (the victim uses bash with bash-completion installed, and the attacker has write access to the victim's filesystem), pasting tab can be as bad as pasting LF. Here's a proof of concept: $ printf 'x := $(shell (echo; cowsay pwned)>/dev/tty)' > moo $ make -f moo <tab> _______ < pwned > ------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || Credit for discovering this goes to Dan Rosenberg: https://twitter.com/djrbliss/status/699363006946344963 -- Jakub Wilk
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ