Date: Mon, 1 May 2017 14:13:16 -0700 From: Michal Zalewski <lcamtuf@...edump.cx> To: oss-security <oss-security@...ts.openwall.com> Subject: Re: terminal emulators' processing of escape sequences > Besides (mis)features, there may also be implementation bugs. It is perhaps worth noting that guided fuzzing has been used in this space with good results, too. For example, AFL was credited on at least the following in rxvt, tmux, screen, and mosh: http://lists.schmorp.de/pipermail/rxvt-unicode/2015q3/002155.html http://lists.schmorp.de/pipermail/rxvt-unicode/2015q3/002164.html https://savannah.gnu.org/bugs/?45715 https://savannah.gnu.org/bugs/?45713 https://savannah.gnu.org/bugs/?45714https://github.com/tmux/tmux/issues/92 https://github.com/tmux/tmux/commit/3219e0314e3d1d39a57db330faa5693ce0264244 https://github.com/mobile-shell/mosh/issues/667 Especially if what's highlighted in this thread can be found with a simple script, I'm betting there's far more beneath the surface. Guided fuzzers have the advantage of being able to discover features that may be undocumented or hard to spot, so a more comprehensive dive into all the terminal emulators in use today would probably be quite fruitful. /mz
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.