emacs-orgmode
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Thoughts on the standardization of Org


From: Tim Cross
Subject: Re: Thoughts on the standardization of Org
Date: Wed, 11 Nov 2020 17:40:51 +1100
User-agent: mu4e 1.5.6; emacs 27.1.50

Jean Louis <bugs@gnu.support> writes:

> * Tim Cross <theophilusx@gmail.com> [2020-11-11 01:30]:
>>
>> Jean Louis <bugs@gnu.support> writes:
>>
>> > * Maxim Nikulin <manikulin@gmail.com> [2020-11-10 19:31]:
>> >> 2020-11-10 Greg Minshall wrote:
>> >> >
>> >> > i would guess
>> >> > using 'cat -v' to read e-mail is 100% safe.  even throwing in
>> >> > uudecode(1), or whatever is needed to decode base64, (and then piping
>> >> > through 'cat -v', of course ), it's probably still safe.
>> >>
>> >> Please, check that you have at least updated tmux before applying such
>> >> "safe" handler: https://www.openwall.com/lists/oss-security/2020/11/05/3 
>> >> The
>> >> news are too recent to not mention the link in such context.
>> >>
>> >> The sour story is that it is unsafe to feed non-trusted files directly to
>> >> terminal. A filter against control sequences is required.
>> >
>> > Is there anyway to disable control sequences? Than cat can be aliased.
>>
>>
>> It should be noted that this vulnerability is a buffer overflow exploit
>> which ASLR effectively mitigates. This doesn't mean that it isn't a
>> serious bug in tmux, but it does mean that unless you have disabled
>> ASLR, there is no known exploit (i.e. it is only theoretical). Given the
>> popularity of tmux, I suspect it will be patched and a new version
>
> Do you know how to disable control sequences?

No, I doubt you can as they are fairly fundamental to tmux operation.

--
Tim Cross



reply via email to

[Prev in Thread] Current Thread [Next in Thread]