Re: [PATCH] [grotty]: Use terminfo.


From: Ingo Schwarze
Subject: Re: [PATCH] [grotty]: Use terminfo.
Date: Sun, 20 Aug 2023 14:03:30 +0200

Hi Branden,

i did not spend the time yet to understand what this discussion is all
about, and it seems to have very low priority for me, at the same time
as there are lots of moderate to high priority tasks open for me -
including, for example, support for lower-case .TH/.Dt and .SH/.Sh and
for .MR in mandoc plus various other topics, so i'm not likely to look
at the discussion this mail belongs to soon - oh wait, actually, i might
have to investigate what is going on here before updating the OpenBSD
port of groff because if it is dangerous, i might have to hardcode -c in
our groff port to protect our users from vulnerabilities.

I'm not saying that will be needed - but merely that i did not
investigate yet and that i have a bad feeling about it.

G. Branden Robinson wrote on Sun, Aug 20, 2023 at 01:52:14AM -0500:

> I guess I need to understand more about the purported hazards of `-r`.

Fortunately, that part is trivial.

Essentially, using -r for manual page display amounts to enabling remote
exploits.  In some circumstances, it may allow manual page authors to
run arbitrary code as your user ID on your machine.  In many
circumstances, it will cause reliability issues, i.e. remote attackers
can change the way your terminal shows output (hiding information from
you or inserting bogus information) or interprets what you type
(potentially changing the effect of commands you are typing into the
terminal).  It certainly allows remote DoS attacks, i.e. making your
terminal unusable.  If you ever look at manual pages as root -
admittedly, i am quite careful to never do that on systems running man-db
or groff for manual page display, but i occasionally do it on systems
running mandoc, and i guess many Linux users will fail to be careful
about avoiding running man(1) as root - all of the above may turn into
remote root exploits.

In a nutshell, less -r must NEVER be run on untrusted input, and manual
pages are a prime example of untrusted input.  I mean, have you ever
heard about anybody performing a security audit on manual page source
code, to find out whether the manual pages in question contain any
malicious code?  If the answer is "no", or even if it is "well, i assume
there may be at least some manual pages on my system that have not been
audited for security by people i trust", then you have to treat manual
pages as potentially malicious input.

As a matter of fact, i even avoid using less -R for manual page display
for security reasons.  While admittedly, the -R option has been designed
such that it ought to be safe, that is only true as long as the specific
terminal emulator being used doesn't contain bugs that mix up escape
sequences.  As a software developer, i occasionally test non-standard
terminal emulators, and then i don't want to have to remember changing
my PAGER environment variable, so i prefer playing PAGER safely in the
first place.

Yours,
  Ingo
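The distinction the message draws between `less -r` (every control byte and escape sequence reaches the terminal untouched) and `less -R` (only ANSI colour/attribute SGR sequences are passed through raw) can be made concrete with a small filter. The code below is an added example written for this page, not code from Ingo, from groff or from less; it assumes a simplified classification in which "ANSI colour escape" means a CSI sequence of the form `ESC [ digits/semicolons m`, and it does not reproduce less's real implementation (for instance, it strips backspace overstrikes rather than interpreting them, and it ignores the OSC 8 hyperlink sequences newer less versions also allow). The `SAMPLE` string is constructed to mix legitimate bold markup with the kinds of sequences a raw pager would hand to the terminal unchanged.

```python
import re

# Constructed sample of text as it might reach the pager: SGR bold on/off
# around "NAME", then a clear-screen CSI, an OSC title change, a cursor
# position CSI and a NUL byte. Not taken from any real manual page.
SAMPLE = "\x1b[1mNAME\x1b[0m\x1b[2J\x1b]0;x\x07\tfoo \x1b[3;1H- bar\x00\n"

# One tokeniser, alternatives tried in order:
#   sgr  - ESC [ <digits/semicolons> m      (the class less -R lets through)
#   esc  - any other CSI, an OSC (ESC ] ... BEL or ESC \), or ESC + one byte
#   ctrl - C0 control bytes and DEL, except newline and tab
TOKEN_RE = re.compile(
    r"(?P<sgr>\x1b\[[0-9;]*m)"
    r"|(?P<esc>\x1b\[[0-?]*[ -/]*[@-~]|\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)|\x1b.?)"
    r"|(?P<ctrl>[\x00-\x08\x0b-\x1f\x7f])"
)


def scan(text):
    """Split text into (kind, chunk) pairs with kind in text/sgr/esc/ctrl."""
    out = []
    pos = 0
    for m in TOKEN_RE.finditer(text):
        if m.start() > pos:
            out.append(("text", text[pos:m.start()]))
        out.append((m.lastgroup, m.group()))
        pos = m.end()
    if pos < len(text):
        out.append(("text", text[pos:]))
    return out


def sanitize(text, keep_sgr=True):
    """Return only printable text (plus newline and tab).

    keep_sgr=True approximates the less -R policy: SGR colour/attribute
    sequences survive, everything else is dropped.  keep_sgr=False is the
    fully conservative policy that keeps no escape sequence at all.
    Passing the input through unchanged would correspond to less -r.
    """
    return "".join(
        chunk for kind, chunk in scan(text)
        if kind == "text" or (keep_sgr and kind == "sgr")
    )


def audit(text):
    """List the non-SGR escape sequences and control bytes present, so a
    rendered page can be checked before it is handed to a raw pager."""
    return [chunk for kind, chunk in scan(text) if kind in ("esc", "ctrl")]


if __name__ == "__main__":
    print("raw (-r would show):  ", repr(SAMPLE))
    print("sgr-only (-R-like):   ", repr(sanitize(SAMPLE)))
    print("strict (no escapes):  ", repr(sanitize(SAMPLE, keep_sgr=False)))
    print("sequences to report:  ", [repr(s) for s in audit(SAMPLE)])
```

Running the script shows that the SGR-only policy keeps the bold markup around `NAME` and drops the clear-screen, title and cursor sequences along with the NUL, while the strict policy leaves plain text only; `audit()` is the piece a reviewer would run over rendered pages to find out whether they contain anything beyond colour markup at all.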
