Re: Re: Terminal Control Chars

[Russ Allbery <eagle () eyrie org>]

"David A. Wheeler" <dwheeler () dwheeler com> writes:
> Russ Allbery:

> > I think a useful definition of "control character" in this context (and
> > I realize this doesn't exactly match the ASCII definition) is a
> > character that results in an action other than insertion being taken...
> > CR and LF would not be control characters in that definition, since
> > they insert a newline and don't cause an action. Similarly, TAB
> > wouldn't be a control character in that definition.

> As you noted, that definition doesn't match the ASCII definition, but I
> also think it's misleading.  If someone pastes a CR/LF into a shell
> prompt, it certainly *DOES* cause an action, namely, execution of that
> line.  That's probably not what you meant by "action", but from a
> security point-of-view, causing a script to execute is rather important
> :-).

That's a fair counterpoint.

That unfortunately means that the specification one wants is to deny
pasting control messages except for a particular set (since you're
certainly not going to want to stop pasting of a newline sequence, and
probably not pasting of tabs), and then you have to find the right way to
define that set of characters that you want to allow.

I have some "I know it when I see it" definition in my head, but it's hard
to be precise without listing out the specific characters that I would
allow and that I would disallow (at least as interpreted commands).

-- 
Russ Allbery (eagle () eyrie org)              <http://www.eyrie.org/~eagle/>