Home page logo
/

bugtraq logo Bugtraq mailing list archives

RE: Terminal Emulator Security Issues
From: "Kenn Humborg" <kenn () bluetree ie>
Date: Mon, 3 Mar 2003 17:43:28 -0000

After further investigation, I'd like to point out the following:

Eterm has *never* allowed any control characters in its title/icon
name sequences.  The following bit of code has existed at least since
Eterm was first committed to CVS:

                else if (ch < ' ')
                    return;     /* control character - exit */

in term.c::process_xterm_seq(), line 1270 or so.

So there was never any way to get escape sequences in the title to
begin with, meaning that the command cannot be hidden using any
character attributes or background/foreground color matching.

What about the CSI character, code 155 (128+27), which DEC terminals
(from at least vt220) interpret as a "shorthand" for "ESC ["?

   http://vt100.net/docs/vt220-rm/chapter2.html#S2.5.2

Later,
Kenn


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]