[Secure-testing-team] Bug#691642: xterm: outputting the mc5 sequence (prtr_on / turn on printer) makes xterm crash
Vincent Lefevre
vincent at vinc17.net
Sat Oct 27 22:07:04 UTC 2012
Package: xterm
Version: 278-2
Severity: grave
Tags: security
Justification: causes non-serious data loss

When cat'ing some binary file, my xterm crashed. I've managed to find
the cause: the mc5 terminfo sequence (prtr_on / turn on printer). The
problem can be reproduced with:

1. Run xterm from another terminal.

2. Run the following command:
     printf "\033[5i"
   or
     tput mc5
   The message "sh: 1: : Permission denied" appears in the first
   terminal.

3. Type [Enter]. This terminates xterm with the exit code 13.

I have the following X resource:

  *printerCommand: ""

The xterm(1) man page says:

  printerCommand (class PrinterCommand)
      Specifies a shell command to which xterm will open a pipe when
      the first MC (Media Copy) command is initiated. The default is
      an empty string, i.e., “”. If the resource value is given as
      an empty string, the printer is disabled.

So, it doesn't behave correctly with the empty string!

In addition to possible data loss due to the crash, this is a security
problem, because the sequence may appear in a remote file.

-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.5-trunk-amd64 (SMP w/2 CPU cores)
Locale: LANG=POSIX, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages xterm depends on:
ii libc6 2.13-36
ii libfontconfig1 2.9.0-7
ii libice6 2:1.0.8-2
ii libtinfo5 5.9-10
ii libutempter0 1.1.5-4
ii libx11-6 2:1.5.0-1
ii libxaw7 2:1.0.10-2
ii libxft2 2.3.1-1
ii libxmu6 2:1.1.1-1
ii libxt6 1:1.1.3-1
ii xbitmaps 1.1.1-2
Versions of packages xterm recommends:
ii x11-utils 7.7~1
Versions of packages xterm suggests:
pn xfonts-cyrillic <none>
-- no debconf information
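
Added example, not part of the original report or of xterm: a POSIX shell check that flags the Media Copy sequence family (the reported ESC [ 5 i among them) in a file before it is written to a terminal. The names has_mc, defang_mc and safe_cat and the sample file are assumptions made for this illustration, and grep -a is assumed to be available (GNU or BSD grep).

```shell
#!/bin/sh
# Added example, not part of the bug report. Detects and defangs ANSI Media
# Copy (MC) sequences, "ESC [ Ps i" and "ESC [ ? Ps i", which include the
# "ESC [ 5 i" (mc5) reported above. Only the 7-bit ESC [ form is covered.

ESC=$(printf '\033')
MC_ERE="${ESC}"'\[[?]?[0-9;]*i'                 # for grep -E
MC_BRE="${ESC}"'\(\[[?]\{0,1\}[0-9;]*i\)'       # for sed, tail captured as \1

# has_mc FILE: succeed if FILE contains at least one MC sequence.
has_mc() {
    LC_ALL=C grep -a -q -E "$MC_ERE" < "$1"
}

# defang_mc FILE: copy FILE to stdout with the ESC of every MC sequence
# rewritten as the two visible characters "^[". Replacing rather than
# deleting means the surrounding bytes cannot join into a new sequence.
defang_mc() {
    LC_ALL=C sed "s/${MC_BRE}/^[\\1/g" < "$1"
}

# safe_cat FILE: like cat, but warn on stderr and defang when MC is present.
safe_cat() {
    if has_mc "$1"; then
        echo "safe_cat: $1: Media Copy sequence found, shown as ^[" >&2
        defang_mc "$1"
    else
        cat < "$1"
    fi
}

if [ "$#" -gt 0 ]; then
    for f in "$@"; do safe_cat "$f"; done
else
    # Constructed sample: text with an embedded mc5 sequence.
    sample=$(mktemp)
    printf 'abc\033[5idef\n' > "$sample"
    safe_cat "$sample"          # prints: abc^[[5idef
    rm -f "$sample"
fi
```

For untrusted files in general, cat -v or a pager shows control bytes visibly instead of sending them to the terminal.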