From: Jon Hamilton
Date: Thu, 10 Sep 1998 20:52:53 -0500
To: Brian Behlendorf
cc: andrew@squiz.co.nz, security@FreeBSD.ORG
Subject: Re: terminal escape exploit (was Re: cat exploit)

In message <19980911003306.3455.qmail@hyperreal.org>, Brian Behlendorf wrote:
} At 09:19 AM 9/11/98 +1200, Andrew McNaughton wrote:
} >On Thu, 10 Sep 1998, Studded wrote:
} >
} >> It seems to me that a lot of people missed the point of one of the
} >> warnings that someone else posted in response actually. Don't use cat
} >> routinely to view files. Use more, or better yet less since less doesn't
} >> view binary files by default.
} >
} >It's not just cat that you've got to worry about. tail is another one.
} >How many people routinely use 'tail -f' to monitor log info that includes
} >potentially tainted content.
}
} Yeah, especially when trying to debug a problem that requires root. I do
} this.
}
} >The problem is not cat. It's xterm and other similar terminal programs.
}
} I agree.
} Even if the old-timers around here are saying "it's always been
} like that, just don't do it and it'll be all OK", I still see this as a
} design flaw, and would like to believe that "running arbitrary commands"
} can be prevented without preventing all the legitimate uses for escape
} sequences.

One legitimate (if questionable) use _is_ to run arbitrary commands (well,
to output arbitrary text, the rest is all downhill from there). Is it a
good idea? Depends. Could someone who was sick enough to be doing that do
it another way? Almost certainly. But you can't change the functionality
without affecting _something_ someone is doing _somewhere_. The question
is whether the loss of functionality is outweighed by the gains. People's
opinions as to the answer to that question are, um, not unanimous, as you
see.

As has been suggested, the thing to do would be for someone who cares to
patch xterm (and rxvt, and anything else that does emulation of virtually
any intelligent terminal ever built) to permit a compile- (or, better yet,
run-time) option to turn off this feature. Submit the patch to the
maintainers of the code in question and argue with them about it if
necessary.

--
Jon Hamilton
hamilton@pobox.com
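The `tail -f` case raised in the quoted text can also be handled on the viewing side, without waiting for a terminal patch. The filter below is an added example, not code from this thread or from xterm: it rewrites control bytes into printable notation in the style of `cat -v`, so escape sequences in tainted log lines are displayed rather than interpreted. The names `neutralize`, `_visible` and `SAMPLE`, and the sample log line, are constructed for illustration.

```python
"""Show terminal control bytes instead of letting the terminal act on them.

Added example. Sketch of use: tail -f some.log | python3 visible.py
"""
import sys

PASS_THROUGH = (0x0A, 0x09)  # newline and tab keep their normal meaning


def _visible(b: int) -> bytes:
    """Printable form of one 7-bit value, using caret notation for controls."""
    if b == 0x7F:
        return b"^?"
    if b < 0x20:
        return b"^" + bytes([b + 0x40])  # ESC (0x1b) becomes ^[
    return bytes([b])


def neutralize(data: bytes) -> bytes:
    """Rewrite every control byte in data as printable ASCII.

    Bytes 0x80-0xff get an M- prefix, so 8-bit C1 controls such as 0x9b
    (CSI) are caught too. UTF-8 text is rewritten as well: the filter is
    deliberately conservative and emits 7-bit output only.
    """
    out = bytearray()
    for b in data:
        if b in PASS_THROUGH:
            out.append(b)
        elif b < 0x80:
            out += _visible(b)
        else:
            out += b"M-" + _visible(b - 0x80)
    return bytes(out)


# Constructed sample: a log line carrying a 7-bit and an 8-bit control sequence.
SAMPLE = b"Sep 10 18:48:44 host daemon: user=\x1b[31mexample\x1b[0m\x9b2J\n"


def main() -> None:
    # Line-at-a-time so the filter keeps up with a growing file.
    for line in sys.stdin.buffer:
        sys.stdout.buffer.write(neutralize(line))
        sys.stdout.buffer.flush()


if __name__ == "__main__":
    main()
```

Caret notation is lossy: a literal `^[` already present in a log line looks the same as a rewritten ESC, which is acceptable for viewing but not for forensic byte-exact review.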