Originally published at: https://www.whonix.org/blog/might-terminal-emulators-konsole-xterm-remotely-exploitable-security-bugs
One might assume terminal emulators such as konsole or xterm are simple programs not to be exploited, but well, let’s rethink.
Showing output from untrusted remote sources (sdwdate time provider server replies; replies by Tor) might exploit bugs in terminal-emulators such as
For example, open
let it run for a while and then abort using the usual
ctrl + c. Then press enter. You’ll see that it shows some weird characters followed by command not found. How come the output of a running program in terminal can influence what is written in the following command prompt?
- research historically fixed and current bugs in terminal emulators
- perhaps move to a security focused terminal emulator
- no longer write untrusted output to logs
- educate users about this risk (
catcould be dangerous)