RE: Terminal Emulator Security Issues

From: Kenn Humborg (kennat_private)
Date: Mon Mar 03 2003 - 09:43:28 PST

    > After further investigation, I'd like to point out the following:
    > 
    > Eterm has *never* allowed any control characters in its title/icon
    > name sequences.  The following bit of code has existed at least since
    > Eterm was first committed to CVS:
    > 
    >                 else if (ch < ' ')
    >                     return;     /* control character - exit */
    > 
    > in term.c::process_xterm_seq(), line 1270 or so.
    > 
    > So there was never any way to get escape sequences in the title to
    > begin with, meaning that the command cannot be hidden using any
    > character attributes or background/foreground color matching.
    
    What about the CSI character, code 155 (128+27), which DEC terminals
    (from at least vt220) interpret as a "shorthand" for "ESC ["?
    
       http://vt100.net/docs/vt220-rm/chapter2.html#S2.5.2
    
    Later,
    Kenn
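
The question raised in the reply above, as an added C example (not code from Eterm or from either poster): whether the quoted `ch < ' '` test rejects the 8-bit CSI byte depends on the type of `ch`, and a stricter filter also covers DEL and the C1 range 0x80-0x9F. The function names and the sample title are hypothetical, and the type of `ch` in Eterm is not stated in the thread, so both cases are shown.

```c
#include <stddef.h>
#include <stdio.h>

/* The quoted test, with ch held as unsigned char (assumption). */
static int quoted_check_rejects_u(unsigned char ch) { return ch < ' '; }

/* The same test if ch were a signed char: 0x9B becomes negative. */
static int quoted_check_rejects_s(signed char ch) { return ch < ' '; }

/* Stricter test: C0 (0x00-0x1F), DEL (0x7F) and C1 (0x80-0x9F, incl. CSI). */
static int is_control_byte(unsigned char ch)
{
    return ch < 0x20 || ch == 0x7f || (ch >= 0x80 && ch <= 0x9f);
}

/* Copy a title into out, dropping control bytes; returns how many were dropped.
 * out is always NUL-terminated; input that does not fit is truncated. */
static size_t sanitize_title(const unsigned char *in, size_t n,
                             char *out, size_t outsz)
{
    size_t dropped = 0, o = 0;
    if (outsz == 0)
        return 0;
    for (size_t i = 0; i < n; i++) {
        if (is_control_byte(in[i])) {
            dropped++;
            continue;
        }
        if (o + 1 < outsz)
            out[o++] = (char)in[i];
    }
    out[o] = '\0';
    return dropped;
}

/* Constructed sample title: "ab", 8-bit CSI (0x9B), "1m", "cd". */
static const unsigned char sample[] = { 'a', 'b', 0x9b, '1', 'm', 'c', 'd' };

int main(void)
{
    char clean[32];
    size_t dropped = sanitize_title(sample, sizeof sample, clean, sizeof clean);
    printf("unsigned ch: 0x9B rejected by quoted test? %d\n",
           quoted_check_rejects_u(0x9b));
    printf("signed ch:   0x9B rejected by quoted test? %d\n",
           quoted_check_rejects_s((signed char)0x9b));
    printf("sanitized: \"%s\" (%zu byte dropped)\n", clean, dropped);
    return 0;
}
```

The byte-wise C1 test fits single-byte character sets; in a UTF-8 title the bytes 0x80-0x9F also occur as continuation bytes, so there the check belongs on decoded code points U+0080-U+009F.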
    


