Re: Eterm & others allow arbitrary commands execution via escape sequencies [Was: CAN-2003-0020?]
On Mon, Apr 19, 2004 at 06:08:51PM +0200, Jan Minar wrote:
> On Sun, Apr 18, 2004 at 11:58:21AM -0700, Matt Zimmerman wrote:
> > untrusted source. This is a fundamental Unix feature (or flaw). Terminal
> > control sequences may be contained in the data.
>
> I've read this [1]analysis by by H D Moore. No matter how convenient
> the escape sequences that allow injecting of arbitrary data as-if typed
> by the user might be, they should go, and they should go now.
Yes, I agree. Patches and bug reports, where appropriate, are welcome.
These are the real bugs, not Apache's.
--
- mdz
Reply to: