Re: FWD: Debian Swirl ascii-art

To: Josip Rodin <joy@cibalia.gkvk.hr>
Cc: Joseph Carter <knghtbrd@d2dc.net>, "Marco d'Itri" <md@Linux.IT>, <debian-devel@lists.debian.org>
Subject: Re: FWD: Debian Swirl ascii-art
From: John Galt <galt@inconnu.isu.edu>
Date: Sun, 15 Jul 2001 19:58:13 -0600 (MDT)
Message-id: <[🔎] Pine.LNX.4.33.0107151832170.1087-100000@inconnu.isu.edu>
In-reply-to: <[🔎] 20010715215419.C25889@cibalia.gkvk.hr>

On Sun, 15 Jul 2001, Josip Rodin wrote:

>On Sun, Jul 15, 2001 at 11:42:02AM -0700, Joseph Carter wrote:
>> >  >I find it slightly scary that that displayed in color under mutt. DOes
>> >  >it allow arbitrary escape sequences through?
>> > Yes, but it is not supported and is known to interfere with normal
>> > coloring made by mutt itself.
>>
>> You are aware of the exploitability of passing raw escape sequences to a
>> terminal?
>
>What exactly can happen?

Have you ever heard of an ANSI bomb?  Through escape sequences, you can
redefine other escape sequences.

http://totse.com/en/viruses/virus_information/ab2.html

Shows some exploitation possibilities.  Baically, you can use the escape
characters to execute an alias command on localhost.  Most ANSI bombing
was done in DOS, so privileges weren't a big issue, but I assume that a
suitably obscene ANSI bomb could remap enough to screw a user over big
time: alias ls to rm -r for example.

>I have a bug report on joe about this, #42631, but as yet nobody has told me
>how exactly is that bad security-wise, see the bug log. :(
>
>

-- 
Armageddon means never having to say you're sorry.

Who is John Galt?  galt@inconnu.isu.edu, that's who!

Reply to:

References:
- Re: FWD: Debian Swirl ascii-art
  - From: Josip Rodin <joy@cibalia.gkvk.hr>

Prev by Date: Re: Today's missing files from ike.egr.msu.edu debian archive
Next by Date: Re: OFF-TOPIC New 'testing' codename
Previous by thread: Re: FWD: Debian Swirl ascii-art
Next by thread: Re: FWD: Debian Swirl ascii-art
Index(es):
- Date
- Thread