Posted Jun 30, 2011 10:34 UTC (Thu) by etienne (subscriber, #25256)
Parent article: Sanitizing log file output
If ESC, i.e. '\033', is forbidden, you may also want to forbid CSI, i.e. '\233', which was treated as a short version of "\033[" in VT200+ in 8-bit mode.
The trick is to set the name of the terminal to "sudo rm -rf /" and then ask the terminal name, but that is not supported by most terminal emulators.
Also, one could forbid XON/XOFF writing to the console, if filtering is needed.
Posted Jun 30, 2011 14:08 UTC (Thu) by cesarb (subscriber, #6266)
Wait, isn't 0x9B perfectly valid as part of a normal UTF-8 character? You would have to know whether the terminal which will display the log output (which could be on a different machine running a different operating system on the other side of the world) is in UTF-8 mode (in which case CSI is 0xC2 0x9B, and other sequences containing 0x9B should not be filtered out), or in ISO-8859-1 mode (in which case 0x9B should always be filtered out), or in some other mode (I have no idea how other multibyte encodings represent CSI).
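The encoding question raised in this thread, as an added example that is not part of either comment: decode the log bytes the way the viewing terminal would, then filter by code point, so that 0x9B is escaped when it is CSI and kept when it is a UTF-8 continuation byte. The function and parameter names are hypothetical, the sample byte strings are constructed, and only the two encodings named above are handled.

```python
# Added example: encoding-aware escaping of terminal control characters.
# sanitize() and terminal_encoding are hypothetical names, not taken from
# any existing log tool.

def _is_control(cp: int) -> bool:
    # Newline and tab are normal in log output, so they are kept.
    if cp in (0x09, 0x0A):
        return False
    # C0 controls (ESC 0x1B, XON 0x11, XOFF 0x13), DEL, and the C1 range
    # U+0080..U+009F, which contains CSI (U+009B).
    return cp < 0x20 or cp == 0x7F or 0x80 <= cp <= 0x9F

def sanitize(raw: bytes, terminal_encoding: str) -> str:
    """Return raw as text with control code points shown as \\xNN.

    The output is meant for safe display; it is not reversible, because
    backslashes already present in the input are left untouched.
    """
    if terminal_encoding not in ("utf-8", "iso-8859-1"):
        raise ValueError("only utf-8 and iso-8859-1 are handled here")
    # In UTF-8 mode an invalid byte (such as a lone 0x9B) is turned into a
    # literal "\x9b" by the decoder instead of reaching the terminal raw.
    text = raw.decode(terminal_encoding, errors="backslashreplace")
    out = []
    for ch in text:
        cp = ord(ch)
        out.append(f"\\x{cp:02x}" if _is_control(cp) else ch)
    return "".join(out)

if __name__ == "__main__":
    # Constructed samples: the same 0x9B byte in four different contexts.
    samples = [
        (b"caf\xc4\x9b", "utf-8"),         # 0x9B inside U+011B, kept
        (b"a\xc2\x9b31mb", "utf-8"),       # UTF-8 encoded CSI, escaped
        (b"a\x9b31mb", "iso-8859-1"),      # 8-bit CSI, escaped
        (b"a\x9b31mb", "utf-8"),           # lone invalid byte, escaped
    ]
    for raw, enc in samples:
        print(enc, raw, "->", sanitize(raw, enc))
```
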