Bugtraq mailing list archives

RE: Terminal Emulator Security Issues


From: "Kenn Humborg" <kenn () bluetree ie>
Date: Mon, 3 Mar 2003 17:43:28 -0000

After further investigation, I'd like to point out the following:

Eterm has *never* allowed any control characters in its title/icon
name sequences.  The following bit of code has existed at least since
Eterm was first committed to CVS:

                else if (ch < ' ')
                    return;     /* control character - exit */

in term.c::process_xterm_seq(), line 1270 or so.

So there was never any way to get escape sequences in the title to
begin with, meaning that the command cannot be hidden using any
character attributes or background/foreground color matching.

What about the CSI character, code 155 (128+27), which DEC terminals
(from at least vt220) interpret as a "shorthand" for "ESC ["?

   http://vt100.net/docs/vt220-rm/chapter2.html#S2.5.2

Later,
Kenn
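
The question above can be checked in isolation. The following is an added example, not code from the original message or from Eterm: it applies the quoted comparison to the 8-bit CSI byte (0x9B) and shows a stricter filter beside it. The function names and the sample title are hypothetical, and it assumes a single-byte 8-bit character stream as in the VT220 reference linked above (in UTF-8 the bytes 0x80-0x9F also occur as continuation bytes).

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed sample title: "ab", the 8-bit CSI byte (0x9B), then "1m". */
static const unsigned char sample_title[] = { 'a', 'b', 0x9B, '1', 'm' };

/* The comparison quoted in the message, with the byte held as an unsigned
 * value (assumption: the quoted snippet does not show the type of ch). */
static int quoted_check_rejects(unsigned char ch) { return ch < ' '; }

/* Same comparison on a signed char: bytes 0x80-0xFF become negative,
 * compare below ' ', and are rejected as well. */
static int quoted_check_rejects_signed(signed char ch) { return ch < ' '; }

/* Stricter check: C0 (0x00-0x1F), DEL (0x7F) and C1 (0x80-0x9F). */
static int is_control_byte(unsigned char ch)
{
    return ch < 0x20 || ch == 0x7F || (ch >= 0x80 && ch <= 0x9F);
}

/* Copy a title into out, stopping at the first control byte, in the same
 * spirit as the quoted "return". Returns the number of bytes kept. */
static size_t sanitize_title(const unsigned char *in, size_t len,
                             char *out, size_t outsz)
{
    size_t n = 0;
    if (outsz == 0)
        return 0;
    for (size_t i = 0; i < len && n + 1 < outsz; i++) {
        if (is_control_byte(in[i]))
            break;
        out[n++] = (char)in[i];
    }
    out[n] = '\0';
    return n;
}

int main(void)
{
    char out[16];
    unsigned char csi = 0x9B;
    printf("unsigned: 0x9B rejected = %d\n", quoted_check_rejects(csi));
    printf("signed:   0x9B rejected = %d\n",
           quoted_check_rejects_signed((signed char)csi));
    size_t kept = sanitize_title(sample_title, sizeof sample_title,
                                 out, sizeof out);
    printf("sanitized title: \"%s\" (%zu bytes)\n", out, kept);
    return 0;
}
```

Whether the quoted comparison stops 0x9B therefore depends on the signedness of the variable it is applied to, which the snippet alone does not show.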