1 This patch prevents a code execution vector involving terminal escape
2 sequences when rxvt-unicode is in "secure mode".
4 This change was spurred by the following conversation on the
5 oss-security mailing list:
7 Problem description and proof of concept:
8 http://seclists.org/oss-sec/2017/q2/190
11 http://seclists.org/oss-sec/2017/q2/291
13 Patch copied from upstream source repository:
14 http://cvs.schmorp.de/rxvt-unicode/src/command.C?r1=1.582&r2=1.583
16 --- rxvt-unicode/src/command.C 2016/07/14 05:33:26 1.582
17 +++ rxvt-unicode/src/command.C 2017/05/18 02:43:18 1.583
19 /* kidnapped escape sequence: Should be 8.3.48 */
20 case C1_ESA: /* ESC G */
21 // used by original rxvt for rob nations own graphics mode
22 - if (cmd_getc () == 'Q')
23 + if (cmd_getc () == 'Q' && option (Opt_insecure))
24 tt_printf ("\033G0\012"); /* query graphics - no graphics */
30 case CSI_CUB: /* 8.3.18: (1) CURSOR LEFT */
31 - case CSI_HPB: /* 8.3.59: (1) CHARACTER POSITION BACKWARD */
32 + case CSI_HPB: /* 8.3.59: (1) CHARACTER POSITION BACKWARD */
35 #else /* emulate common DEC VTs */