Not logged in
Log in now
Create an account
Subscribe to LWN
LWN.net Weekly Edition for May 16, 2013
A look at the PyPy 2.0 release
PostgreSQL 9.3 beta: Federated databases and more
LWN.net Weekly Edition for May 9, 2013
(Nearly) full tickless operation in 3.10
(from the Wheeler link)
Also, I suddenly don't feel so happy about using GNU screen all the time...
Control characters in file names
Posted Nov 25, 2010 16:52 UTC (Thu) by Spudd86 (guest, #51683)
Posted Nov 25, 2010 23:20 UTC (Thu) by cmccabe (guest, #60281)
Posted Dec 2, 2010 19:46 UTC (Thu) by Ross (subscriber, #4065)
Allowing write to write to your terminal is a security problem though I think talk filters out control characters. Running any program even as an unprivileged user with no filesystem access is a problem if the output is going to your terminal. Just cating a file from an unknown source is an issue. Running a program on an unsanitized input might cause it to print error messages or other strings without stripping out special characters.
Basically the terminal is full of security issues because it obeys control characters no matter how they get there and traditionally lots of stuff gets written to your screen from unsanitized sources.
Instead of changing the filesystem to fix a very small part of that (and let's face it, if you have something writing out malicious filenames, it's probably writing out malicious file contents), there should be a more comprehensive approach. For example, there could be a mechanism to add a tty filter process which could sanitize the output for your specific terminal. Ideally the terminal program would set it up before starting the shell (console and remote logins would need to be handled too, and remote logins are harder because the terminal type isn't known until login, if ever). The hard part is that you want some control characters to get through -- and probably different ones from different sources (setting the xterm title in your shell prompt code for example). There would need to be a way to get different interfaces for the shell, trusted programs, and untrusted programs. How to do this without redesigning the shell and all the utilities? :(
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds