[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#691642: xterm: outputting the mc5 sequence (prtr_on / turn on printer) makes xterm crash

Hi,
* Vincent Lefevre <vincent@vinc17.net> [2012-10-28 00:11]:
> When cat'ing some binary file, my xterm crashed. I've managed to find
> the cause: the mc5 terminfo sequence (prtr_on / turn on printer). The
> problem can be reproduced with:
> 
> 1. Run xterm from another terminal.
> 2. Run the following command:
>      printf "\033[5i"
>    or
>      tput mc5
>    The message "sh: 1: : Permission denied" appears in the first
>    terminal.

I can't reproduce this with xterm 278-2 on amd64.
[...] 

> In addition to possible data loss due to the crash, this is a security
> problem, because the sequence may appear in a remote file.

Sorry, I couldn't parse this sentence. What exactly are the security 
implications? So far I don't see how this qualifies for a security bug.

Kind regards
Nico
-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0xA0A0AAAA
Reply to: