Re: Eterm & others allow arbitrary commands execution via escape sequencies [Was: CAN-2003-0020?]

To: debian-security@lists.debian.org
Subject: Re: Eterm & others allow arbitrary commands execution via escape sequencies [Was: CAN-2003-0020?]
From: Giacomo Mulas <gmulas@ca.astro.it>
Date: Tue, 20 Apr 2004 10:08:27 +0200 (CEST)
Message-id: <[🔎] Pine.LNX.4.56.0404201002500.5187@capitanata.ca.astro.it>
Reply-to: Giacomo Mulas <gmulas@ca.astro.it>
In-reply-to: <[🔎] 20040419193127.GC3843@kontryhel.haltyr.dyndns.org>
References: <[🔎] 200404172216.11138.jluehr@gmx.net> <[🔎] 20040418165633.GW12830@alcor.net> <[🔎] 200404182047.16630.jluehr@gmx.net> <[🔎] 20040418185821.GB12830@alcor.net> <[🔎] 20040419160851.GA27171@kontryhel.haltyr.dyndns.org> <[🔎] 20040419163247.GM31523@alcor.net> <[🔎] 20040419175127.GA3843@kontryhel.haltyr.dyndns.org> <[🔎] 20040419181841.GU31523@alcor.net> <[🔎] 20040419193127.GC3843@kontryhel.haltyr.dyndns.org>

On Mon, 19 Apr 2004, Jan Minar wrote:

> On Mon, Apr 19, 2004 at 11:18:41AM -0700, Matt Zimmerman wrote:
> > On Mon, Apr 19, 2004 at 07:51:27PM +0200, Jan Minar wrote:
> >
> > > Come on, Matt:  Virtually all terminal emulators are vulnerable, and the
> > > vulnerability is a common knowledge.  The abovementioned paper was on
> > > Bugtraq 2003-02-24 21:02:52...  Is the Security Team going to do
> > > something about it themselves (filing RC bugs at least)?
> >
> > You are part of a community, not somebody purchasing a service.  Take some
> > initiative and contribute.
>
> And as a part of this community, I am saying right now:  We have a big
> problem, and the problem is we don't deal with security issues known for
> decades, while happily convincing newcomers our system is fairly
> secure.  It's not.

Since you are part of the community, do something to fix the problem,
instead of just whining about it. Contributing some work will buy you the
right to criticise other people's hard work, until then please point out
bugs (which is useful) but otherwise please keep your flames for yourself
and shut up.

bye
Giacomo

-- 
_________________________________________________________________

Giacomo Mulas <gmulas@ca.astro.it>
_________________________________________________________________

OSSERVATORIO ASTRONOMICO DI CAGLIARI
Str. 54, Loc. Poggio dei Pini * 09012 Capoterra (CA)

Tel. (OAC): +39 070 71180 248     Fax : +39 070 71180 222
Tel. (UNICA): +39 070 675 4916
_________________________________________________________________

"When the storms are raging around you, stay right where you are"
                         (Freddy Mercury)
_________________________________________________________________

Reply to:

References:
- CAN-2003-0020?
  - From: Jan Lühr <jluehr@gmx.net>
- Re: CAN-2003-0020?
  - From: Matt Zimmerman <mdz@debian.org>
- Re: CAN-2003-0020?
  - From: Jan Lühr <jluehr@gmx.net>
- Re: CAN-2003-0020?
  - From: Matt Zimmerman <mdz@debian.org>
- Eterm & others allow arbitrary commands execution via escape sequencies [Was: CAN-2003-0020?]
  - From: Jan Minar <jjminar@fastmail.fm>
- Re: Eterm & others allow arbitrary commands execution via escape sequencies [Was: CAN-2003-0020?]
  - From: Matt Zimmerman <mdz@debian.org>
- Re: Eterm & others allow arbitrary commands execution via escape sequencies [Was: CAN-2003-0020?]
  - From: Jan Minar <jjminar@fastmail.fm>
- Re: Eterm & others allow arbitrary commands execution via escape sequencies [Was: CAN-2003-0020?]
  - From: Matt Zimmerman <mdz@debian.org>
- Re: Eterm & others allow arbitrary commands execution via escape sequencies [Was: CAN-2003-0020?]
  - From: Jan Minar <jjminar@fastmail.fm>

Prev by Date: Re: makedev: /dev/tty([0-9])* should not have 666 permissions
Next by Date: SSH, PubkeyAuthentication and UsePam - security problem or RTFM?
Previous by thread: Re: Eterm & others allow arbitrary commands execution via escape sequencies [Was: CAN-2003-0020?]
Next by thread: e-jubilaciones.com
Index(es):
- Date
- Thread