BugTraq
Terminal Emulator Security Issues Feb 24 2003 09:02PM
H D Moore (termulation digitaloffense net) (2 replies)
Re: Terminal Emulator Security Issues Feb 25 2003 02:09AM
Michael Jennings (mej eterm org) (1 replies)
Re: Terminal Emulator Security Issues Feb 25 2003 02:07PM
H D Moore (termulation digitaloffense net) (1 replies)
Re: Terminal Emulator Security Issues Feb 25 2003 05:28PM
Michael Jennings (mej eterm org) (1 replies)
Re: Terminal Emulator Security Issues Mar 02 2003 09:37PM
Michael Jennings (mej eterm org) (1 replies)
RE: Terminal Emulator Security Issues Mar 03 2003 05:43PM
Kenn Humborg (kenn bluetree ie) (1 replies)
> After further investigation, I'd like to point out the following:
>
> Eterm has *never* allowed any control characters in its title/icon
> name sequences. The following bit of code has existed at least since
> Eterm was first committed to CVS:
>
> else if (ch < ' ')
> return; /* control character - exit */
>
> in term.c::process_xterm_seq(), line 1270 or so.
>
> So there was never any way to get escape sequences in the title to
> begin with, meaning that the command cannot be hidden using any
> character attributes or background/foreground color matching.

What about the CSI character, code 155 (128+27), which DEC terminals
(from at least vt220) interpret as a "shorthand" for "ESC ["?

http://vt100.net/docs/vt220-rm/chapter2.html#S2.5.2

Later,
Kenn

[ reply ]
Re: Terminal Emulator Security Issues Mar 03 2003 06:01PM
Michael Jennings (mej eterm org)
Re: Terminal Emulator Security Issues Feb 25 2003 12:23AM
Juraj Ziegler (e hq sk)


 

Privacy Statement
Copyright 2010, SecurityFocus