Date: Thu, 10 Sep 1998 20:52:53 -0500 From: Jon Hamilton <hamilton@pobox.com> To: Brian Behlendorf <brian@hyperreal.org> Cc: andrew@squiz.co.nz, security@FreeBSD.ORG Subject: Re: terminal escape exploit (was Re: cat exploit) Message-ID: <199809110148.SAA18718@hub.freebsd.org> In-Reply-To: Your message of "Thu, 10 Sep 1998 17:33:41 PDT." <19980911003306.3455.qmail@hyperreal.org>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <19980911003306.3455.qmail@hyperreal.org>, Brian Behlendorf wrote: } At 09:19 AM 9/11/98 +1200, Andrew McNaughton wrote: } >On Thu, 10 Sep 1998, Studded wrote: } > } >> It seems to me that a lot of people missed the point of one of the } >> warnings that someone else posted in response actually. Don't use cat } >> routinely to view files. Use more, or better yet less since less doesn't } >> view binary files by default. } > } >It's not just cat that you've got to worry about. tail is another one. } >How many people routinely use 'tail -f' to monitor log info that includes } >potentially tainted content. } } Yeah, especially when trying to debug a problem that requires root. I do } this. } } >The problem is not cat. It's xterm and other similar terminal programs. } } I agree. Even if the old-timers around here are saying "it's always been } like that, just don't do it and it'll be all OK", I still see this as a } design flaw, and would like to believe that "running arbitrary commands" } can be prevented without preventing all the legitimate uses for escape } sequences. One legitimate (if questionable) use _is_ to run arbitrary commands (well, to output arbitrary text, the rest is all downhill from there). Is it a good idea? Depends. Could someone who was sick enough to be doing that do it another way? Almost certainly. But you can't change the functionality without affecting _something_ someone is doing _somewhere_. The question is whether the loss of functionality is outweighed by the gains. Peoples' opinions as to the answer to that question are, um, not unanimous, as you see. As has been suggested, the thing to do would be for someone who cares to patch xterm (and rxvt, and anything else that does emulation of virtually any intelligent terminal ever built) to permit a compile- (or, better yet, run-time) option to turn off this feature. Submit the patch to the maintainers of the code in question and argue with them about it if necessary. -- Jon Hamilton hamilton@pobox.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199809110148.SAA18718>