I'm not entirely convinved of this Francois. I had a read of the article, and just filtering out 0x1B means all escape sequences disappear.
Ordinary tail certainly doesn't appear to be quite that severe (if it filters anything at all). The problem I see if that if you have some source of data that is using terminal colour sequences, then it'll start looking all broken :-( Do you have any further thoughts on this? To me (reading the report) it doesn't look like there's any "big" attacks for common terminals, the most severe looked like the screen dumping one, and I couldn't make that work on my rxvt :-( On Mon, Apr 06, 2009 at 06:17:02PM +1200, Francois Marier wrote: > Package: monkeytail > Version: 0.3.2-1 > Severity: normal > > As described here: > > Terminal Emulator Security Issues > H D Moore, Digital Defense Inc. > http://seclists.org/fulldisclosure/2003/Feb/att-0341/Termulation_txt > > Certain terminal emulators are vulnerable to attacks through escape sequence > features. While these bugs should be fixed in the terminals themselves, it > would > be nice if monkeytail could also filter them out for extra safety, in case an > admin > is tailing an affected logfile in a vulnerable terminal. > > I believe that it would simply involve removing/escaping the ACSII escape > character > (0x1B). > > Francois > > -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
