Date: Thu, 3 Sep 2015 14:16:34 +0300
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request: screen stack overflow (deep recursion)

This is slightly off-topic for the current thread, but I think it is of
interest to oss-security subscribers in general:

On Thu, Sep 03, 2015 at 09:36:29AM +0300, Solar Designer wrote:
> On Thu, Sep 03, 2015 at 05:25:11AM +0000, Fiedler Roman wrote:
> > What about "tail -f /var/log/syslog", Apache or other kind of logs for
> > debugging? [Yes, that's often how logs are running over the screen in videos
> > when talking about IT-security]. It's convenient and I'm using screen
> > exactly to avoid any injection of commands via TIOCSTI into my current TTY
> > when a context switch is needed before starting tail, e.g. when working with
> > LXC containers.
>
> "tail -f" on a log file is indeed very common, but it is bad practice
> (akin to other very common bad practices like a sysadmin going into a
> user's homedir as root). A safer alternative in terms of terminal
> escapes is the "F" keypress in "less -nU" (or in "less -nUEX" to more
> closely resemble "tail -f"). Unfortunately, I am not aware of a
> command-line option that would do this (that is, assume that "F" was
> pressed right away) - perhaps one should be added, if it's not already
> in there.

Dmitry V. Levin pointed out to me off-list that less already provides a
way to specify its normally interactive commands on the command line.
The man page says:

       +cmd   Causes the specified cmd to be executed each time a new file
              is examined. For example, +G causes less to initially display
              each file starting at the end rather than the beginning.

and indeed e.g. "less -nUEX +F" works as desired.

> Unfortunately, less is more complicated and has greater
> attack surface than tail. Maybe this can be partially mitigated by
> using the C locale with it (no UTF-8), but I did not look into that.

Alexander
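
Added example, not part of the original message and not code from less or tail: a small follower that shows why a viewer that renders control bytes visibly is safer than "tail -f", which passes them to the terminal unchanged. The names neutralize, follow and SAMPLE are hypothetical, the sample log line is constructed, and printing bytes >= 0x80 as hex stands in for the "C locale, no UTF-8" idea rather than reproducing less's exact output.

```python
import os
import time


def neutralize(line: bytes) -> str:
    """Render a raw log line so no byte can act as a terminal control."""
    out = []
    for b in line:
        if b == 0x09 or 0x20 <= b <= 0x7E:
            out.append(chr(b))               # printable ASCII and tab pass through
        elif b < 0x20:
            out.append("^" + chr(b + 0x40))  # caret notation: ESC -> ^[, CR -> ^M
        elif b == 0x7F:
            out.append("^?")                 # DEL
        else:
            out.append("<%02X>" % b)         # high bytes, incl. 8-bit CSI (0x9b)
    return "".join(out)


def follow(path, poll=0.5, from_end=True, max_idle=None):
    """Yield neutralized lines appended to path, in the manner of tail -f.

    max_idle bounds the number of consecutive empty polls (None = forever).
    """
    with open(path, "rb") as f:
        if from_end:
            f.seek(0, os.SEEK_END)
        idle, buf = 0, b""
        while max_idle is None or idle < max_idle:
            chunk = f.readline()
            if not chunk:
                idle += 1
                time.sleep(poll)
                continue
            idle = 0
            buf += chunk
            if buf.endswith(b"\n"):          # emit only complete lines
                yield neutralize(buf[:-1])
                buf = b""


# Constructed sample: a request field carrying an OSC "set title" sequence,
# an 8-bit CSI byte and a trailing carriage return.
SAMPLE = b'GET /\x1b]0;x\x07 HTTP/1.1" 404 \x9b2J\r'

if __name__ == "__main__":
    import sys
    if len(sys.argv) == 2:
        for text in follow(sys.argv[1]):
            print(text, flush=True)
    else:
        print(neutralize(SAMPLE))
```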