Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CALx_OUDauCKOg20Lp5wumy_JUiu7Cj3=-d-HJSci+nROrK8BRw@mail.gmail.com>
Date: Mon, 1 May 2017 14:13:16 -0700
From: Michal Zalewski <lcamtuf@...edump.cx>
To: oss-security <oss-security@...ts.openwall.com>
Subject: Re: terminal emulators' processing of escape sequences

> Besides (mis)features, there may also be implementation bugs.

It is perhaps worth noting that guided fuzzing has been used in this
space with good results, too. For example, AFL was credited on at
least the following in rxvt, tmux, screen, and mosh:

http://lists.schmorp.de/pipermail/rxvt-unicode/2015q3/002155.html
http://lists.schmorp.de/pipermail/rxvt-unicode/2015q3/002164.html
https://savannah.gnu.org/bugs/?45715
https://savannah.gnu.org/bugs/?45713
https://savannah.gnu.org/bugs/?45714https://github.com/tmux/tmux/issues/92
https://github.com/tmux/tmux/commit/3219e0314e3d1d39a57db330faa5693ce0264244
https://github.com/mobile-shell/mosh/issues/667

Especially if what's highlighted in this thread can be found with a
simple script, I'm betting there's far more beneath the surface.
Guided fuzzers have the advantage of being able to discover features
that may be undocumented or hard to spot, so a more comprehensive dive
into all the terminal emulators in use today would probably be quite
fruitful.

/mz

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.