oss-sec mailing list archives
Re: Re: Terminal Control Chars
From: Jakub Wilk <jwilk () jwilk net>
Date: Mon, 16 Apr 2018 10:15:00 +0200
* David A. Wheeler <dwheeler () dwheeler com>, 2018-04-12, 17:18:
Russ Allbery:I think a useful definition of "control character" in this context (and I realize this doesn't exactly match the ASCII definition) is a character that results in an action other than insertion being taken... CR and LF would not be control characters in that definition, since they insert a newline and don't cause an action. Similarly, TAB wouldn't be a control character in that definition.As you noted, that definition doesn't match the ASCII definition, but I also think it's misleading. If someone pastes a CR/LF into a shell prompt, it certainly *DOES* cause an action,
Similarly, tab is an "active" character in most shells.In the worst case (the victim uses bash with bash-completion installed, and the attacker has write access to the victim's filesystem), pasting tab can be as bad as pasting LF.
Here's a proof of concept:
$ printf 'x := $(shell (echo; cowsay pwned)>/dev/tty)' > moo
$ make -f moo <tab>
_______
< pwned >
-------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
Credit for discovering this goes to Dan Rosenberg:
https://twitter.com/djrbliss/status/699363006946344963
--
Jakub Wilk
Current thread:
- Re: Re: Terminal Control Chars, (continued)
- Re: Re: Terminal Control Chars Jakub Wilk (Apr 10)
- Re: Terminal Control Chars Gordo Lowrey (Apr 10)
- Re: Terminal Control Chars Christian Brabandt (Apr 10)
- Re: Terminal Control Chars Jakub Wilk (Apr 12)
- Re: Terminal Control Chars Ian Zimmerman (Apr 12)
- Re: Re: Terminal Control Chars Russ Allbery (Apr 12)
- Re: Re: Terminal Control Chars David A. Wheeler (Apr 12)
- Re: Re: Terminal Control Chars Russ Allbery (Apr 12)
- Re: Re: Terminal Control Chars Simon McVittie (Apr 12)
- Re: Re: Terminal Control Chars David A. Wheeler (Apr 12)
- Re: Re: Terminal Control Chars Jakub Wilk (Apr 16)
- Re: Terminal Control Chars Jakub Wilk (Apr 13)