X Strike Force XFree86 SVN commit: r1954 - in trunk/debian: . local
Author: branden
Date: 2004-10-15 11:36:01 -0500 (Fri, 15 Oct 2004)
New Revision: 1954
Modified:
trunk/debian/CHANGESETS
trunk/debian/changelog
trunk/debian/local/FAQ.xhtml
Log:
Add FAQ entry: Sometimes I get garbage characters like 1;2c in my xterm
windows; what's happening?
Modified: trunk/debian/CHANGESETS
===================================================================
--- trunk/debian/CHANGESETS 2004-10-13 17:39:17 UTC (rev 1953)
+++ trunk/debian/CHANGESETS 2004-10-15 16:36:01 UTC (rev 1954)
@@ -142,4 +142,8 @@
XFree86?
1948, 1949
+Add FAQ entry: Sometimes I get garbage characters like 1;2c in my xterm
+windows; what's happening?
+ 1954
+
vim:set ai et sts=4 sw=4 tw=80:
Modified: trunk/debian/changelog
===================================================================
--- trunk/debian/changelog 2004-10-13 17:39:17 UTC (rev 1953)
+++ trunk/debian/changelog 2004-10-15 16:36:01 UTC (rev 1954)
@@ -51,6 +51,9 @@
* Add FAQ entry: What are Debian's plans with respect to X.Org and
XFree86?
+ * Add FAQ entry: Sometimes I get garbage characters like 1;2c in my xterm
+ windows; what's happening?
+
Changes by Denis Barbier and Fabio M. Di Nitto:
* Edit xc/programs/xkbcomp/symbols/pc/Imakefile so that the new pc/us_intl
@@ -121,7 +124,7 @@
+ Set UseBios default to "no" for PROSAVAGE_DDR and PROSAVAGE_DDRK, as
described at <URL: http://www.probo.com/timr/savage40.html >.
- -- Branden Robinson <branden@debian.org> Tue, 12 Oct 2004 13:32:51 -0500
+ -- Branden Robinson <branden@debian.org> Fri, 15 Oct 2004 11:34:49 -0500
xfree86 (4.3.0.dfsg.1-8) unstable; urgency=high
Modified: trunk/debian/local/FAQ.xhtml
===================================================================
--- trunk/debian/local/FAQ.xhtml 2004-10-13 17:39:17 UTC (rev 1953)
+++ trunk/debian/local/FAQ.xhtml 2004-10-15 16:36:01 UTC (rev 1954)
@@ -158,6 +158,9 @@
why is it messed up now?</a></li>
<li><a href="#composeinput">Why does composing characters work in some
applications but not others?</a></li>
+<li><a href="#xtermresizenoise">Sometimes I get garbage characters like
+ <code class="other">1;2c</code> in my <code class="command">xterm</code>
+ windows; what's happening?</a></li>
</ul>
<h2><a href="#acknowledgements">Acknowledgements</a></h2>
@@ -3035,6 +3038,50 @@
class="filespec">.profile</code>, <code class="filespec">.bashrc</code>, or
whatever your shell uses as an initialization file.</p>
+<h3><a id="xtermresizenoise">Sometimes I get garbage characters like
+ <code class="other">1;2c</code> in my <code class="command">xterm</code>
+ windows; what's happening?</a></h3>
+
+<p><em>Thanks to Thomas Dickey for contributing much of this entry.</em></p>
+
+<p>Occasionally people are concerned that this is a security problem —
+they fear that some rogue application may be trying to inject keystrokes at
+their shell prompt, for example. While <code class="command">xterm</code> and
+other terminal emulators have had bugs like that in the past (see <a
+href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0063">MITRE's CVE
+candidate CAN-2003-0063</a>), this is not such a situation.</p>
+
+<p>What you're seeing is part of the VT100 escape sequence that uses the cursor
+position of the lower-right corner to determine the screen size. You're only
+seeing part of it because the "wrong" application had eaten part of the
+response. (I get that sort of thing if I log into certain machines from the
+FreeBSD console — it doesn't respond as a VT100 would).</p>
+
+<p>Normally I'd see this only due to a misconfiguration and/or combination with
+a timeout. It's annoying but relatively harmless. It's not like the answerback
+or title strings — the response is determined by the terminal geometry and
+can't contain arbitrary text.</p>
+
+<p>If <code class="command">resize</code> cannot get useful information by a
+system call, it positions the cursor far right/down, and then asks the terminal
+where it really got to. Real VT100 terminals won't wrap when positioning the
+cursor to (999,999), but will just move it in that direction until it
+stops<sup>*</sup>.</p>
+
+<p>The response looks like:</p>
+
+<p><code class="other">ESC [ <em>row</em> ; <em>column</em> R</code></p>
+
+<p>where <em>row</em> and <em>column</em> are positive decimal integers. If one
+is in the habit of filling up their <code class="filespec">bin</code> directory
+with malicious scripts named <code class="filespec">79R</code>, <code
+class="filespec">80R</code>, etc., that could be a problem — but I think
+it's a fairly low probability.</p>
+
+<p><sup>*</sup> Some day I'll see a bug report from someone who's got a
+1200x1200 <code class="command">xterm</code>, and (with a script of course),
+they'll determine that resize doesn't give the correct result.</p>
+
<h2><a id="acknowledgements">Acknowledgements</a></h2>
<p>The author would like to thank Andreas Metzler, Guillem Jover, Ingo Saitz,
Reply to: