Date: Mon, 01 May 2017 19:25:00 +0200 From: Yves-Alexis Perez <corsac@...ian.org> To: oss-security@...ts.openwall.com Subject: Re: terminal emulators' processing of escape sequences On Mon, 2017-05-01 at 18:44 +0200, Solar Designer wrote: > Yves-Alexis Perez of Debian pointed out that whether these crashes occur > or not may be related to the version of vte. I'll leave it up to him to > post a follow-up on that. Indeed, original tests by Solar Designer and Jason A. Donenfeld might have targeted xfce4-terminal 0.6 which is written in GTK2 and use vte2 while more recent versions (starting 0.8) use GTK3 and vte3. I tried running the perl script with current Debian sid and: xfce4-terminal 0.8.4-1 libvte-2.91-0:amd64 0.46.1-1 libgtk-3-0:amd64 3.22.12-1 I wasn't able to make the process crash (it seems stuck at some point but the window is somehow resized and I don't have access to the content so it' not clear why). Out of curiosity I also tried lxterminal (0.3.0-1) which is vte2 based, along with: libvte9 1:0.28.2-5+b libgtk2.0-0:amd64 2.24.31-2 and I wasn't able to crash the process either. This time the perl process terminates successfully. Regards, -- Yves-Alexis Download attachment "signature.asc" of type "application/pgp-signature" (489 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.