Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 1 May 2017 14:13:16 -0700
From: Michal Zalewski <>
To: oss-security <>
Subject: Re: terminal emulators' processing of escape sequences

> Besides (mis)features, there may also be implementation bugs.

It is perhaps worth noting that guided fuzzing has been used in this
space with good results, too. For example, AFL was credited on at
least the following in rxvt, tmux, screen, and mosh:

Especially if what's highlighted in this thread can be found with a
simple script, I'm betting there's far more beneath the surface.
Guided fuzzers have the advantage of being able to discover features
that may be undocumented or hard to spot, so a more comprehensive dive
into all the terminal emulators in use today would probably be quite


Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.