This patch prevents a code execution vector involving terminal escape
sequences when rxvt-unicode is in "secure mode".
This change was spurred by the following conversation on the
oss-security mailing list:
Problem description and proof of concept:
http://seclists.org/oss-sec/2017/q2/190
Upstream response:
http://seclists.org/oss-sec/2017/q2/291
Patch copied from upstream source repository:
http://cvs.schmorp.de/rxvt-unicode/src/command.C?r1=1.582&r2=1.583
--- rxvt-unicode/src/command.C 2016/07/14 05:33:26 1.582
+++ rxvt-unicode/src/command.C 2017/05/18 02:43:18 1.583
@@ -2695,7 +2695,7 @@
/* kidnapped escape sequence: Should be 8.3.48 */
case C1_ESA: /* ESC G */
// used by original rxvt for rob nations own graphics mode
- if (cmd_getc () == 'Q')
+ if (cmd_getc () == 'Q' && option (Opt_insecure))
tt_printf ("\033G0\012"); /* query graphics - no graphics */
break;
@@ -2914,7 +2914,7 @@
break;
case CSI_CUB: /* 8.3.18: (1) CURSOR LEFT */
- case CSI_HPB: /* 8.3.59: (1) CHARACTER POSITION BACKWARD */
+ case CSI_HPB: /* 8.3.59: (1) CHARACTER POSITION BACKWARD */
#ifdef ISO6429
arg[0] = -arg[0];
#else /* emulate common DEC VTs */
nux-libre/6.6-arm.conf'>logtreecommitdiff
|
Age | Commit message (Expand) | Author |
2023-07-23 | gnu: Add linux-libre 6.6.1....* gnu/packages/linux.scm (linux-libre-6.6-version, linux-libre-6.6-gnu-revision,
deblob-scripts-6.6, linux-libre-6.6-pristine-source, linux-libre-6.5-source,
linux-libre-headers-6.6, linux-libre-6.6): New variables.
* gnu/packages/aux-files/linux-libre/6.6-arm.conf,
gnu/packages/aux-files/linux-libre/6.6-arm64.conf,
gnu/packages/aux-files/linux-libre/6.6-i686.conf,
gnu/packages/aux-files/linux-libre/6.6-x86_64.conf: New files.
* Makefile.am (AUX_FILES): Add them.
Change-Id: I37b2b98b8a2ec745137e92380f34e69082c5e662
Signed-off-by: Leo Famulari <leo@famulari.name>
| Wilko Meyer |