|
|||
rxvt buffer overflow?
Hi,
Trying to made a search on duckduckgo about what is the default terminal emulator on OpenBSD, I don't find this response, but other link [1] tell me about a buffer overflow vulnerability on rxvt on the past. Since the xterm is a old and over-coded piece of software and rxvt appear to be vulnerable (on old versions, I don't know currently), I made a search if are other good terminal emulator on the way. Don't find nothing, except the suckless SL [2]. The suckless is the same team of DWM window manager, and the SL seems to be a great software, write in C as most minimalist-as-possible. Anyone use this? I will try to compile it later, but I will appreciate other opinions. I'm not OpenBSD user (yet), but I'm doing some research about that project, because I want -current on a coreboot Thinkpad Greetings. [1] windowsdevcenter.com/pub/a /linux/2001/06/18/insecurities.html [2]: st.suckless.org |
|
||||
Hello, and welcome!
My primary terminal emulator in X is xterm(1). This application and its variants uxterm(1) and koi8rxterm(1) are part of the X.Org distribution. OpenBSD uses that distribution, but with some repackaging and its own Makefile overlays. The application is included in the xbase*.tgz fileset as a standard part of the X Windows System on the OS. The xterm application is still actively maintained, and it has had a good deal of development since the mid 1990s. Its poor reputation may be somewhat dated, as /usr/xenocara/app/xterm/README says (highlight mine): Code:
-- $XTermId: README,v 1.3 2007/05/24 19:49:19 tom Exp $ -- Below is the original README for xterm from 1991, for your amusement. -- For a better overview, see http://invisible-island.net/xterm/ ------------------------------------------------------------------------------- Abandon All Hope, Ye Who Enter Here This is undoubtedly the most ugly program in the distribution. It was one of the first "serious" programs ported, and still has a lot of historical baggage. Ideally, there would be a general tty widget and then vt102 and tek4014 subwidgets so that they could be used in other programs. We are trying to clean things up as we go, but there is still a lot of work to do. If you are porting this to a machine that has problems with overlapping bcopy's, watch out! There are two documents on xterm: the man page, xterm.man, which describes how to use it, and ctlseqs.ms, which describes the control sequences it understands. |
|
|||
Just correcting myself, it is *ST* not SL.
Thanks jggimi! I hope to contribute positively to the forum. Quote:
If I substitute xterm with other terminal emulator, I "leak" the xenocara SSH [if it really do it]? If it do, I can alert suckless team, since the most users are from *BSD (and put ST as daemon ). Thanks. [1]: lxer.com/module/forums/t/26874/ |
|
|||
Welcome!
Xenocara is simply the repackaging & tweaks made to X in order for it to run on OpenBSD. X is a set of daemons & libraries which establishes a messaging platform which X applications use to manipulate the display. As such, X applications act as clients connecting to the underlying X server. ...& the server does not need to exist on the same machine. Also implemented by MIT, X includes a protocol which can send messages over a network to a server running on a different machine. In this manner, X applications displaying on one machine may actually be running on another machine. Quote:
Quote:
|
|
||||
Arrow, your link to the LXer forum is a discussion of tunnelling X Windows in SSH -- very common and widely used -- but including a Microsoft Windows workstation. That complicates the subject a little, since Microsoft Windows has neither a native SSH client nor a native X Windows server, and third party software for both of those must be used.
An X application (called an "X Client") communicates with the software that drives display and input devices ("X Server") via networking protocols. Inside the same workstation, these protocols use local TCP sockets, and do not use any network interfaces. There is nothing to "leak" external to the platform. The X Windows System security features are focused on authentication between X client applications and X servers. To the X Windows System, it does not matter if the clients and servers are on the same workstation, or using a network. Securing the network, or securing the workstation display memory, are outside of its concerns. The traffic between X client and X server is not encrypted, whether inside the same workstation or between systems using a network. SSH is commonly used when moving graphics between systems, to secure the network portion of the traffic. Since you asked about terminal X client applications, when used for console traffic to remote systems, most commonly these are used only on local workstations, and only the terminal traffic (ASCII, UTF-8, etc.) is communicated remotely, and that can be done quite securely with a local SSH client connected to the remote system's SSH server. Moving character traffic is much faster than moving graphical traffic -- far fewer bytes are transmitted or received. All graphical traffic -- resizing and movement of windows, fonts, foreground/background colors, window management widgets, and in particular mouse pointer movement and display -- remain local to the displaying workstation and are not sent over any network, as both X client and X server are on the same platform. There are other way to "move" graphical traffic over a network, and some work far more efficiently than X, or interoperate with both Unix-like systems and Microsoft Windows. One of those is VNC. I think you may mean, "As implemented," because the X Windows System was one of the first software products publicly released to the world through MIT's Project Athena, back in the mid 1980s. Last edited by jggimi; 1st October 2014 at 10:25 AM. Reason: typos, and significant clarity |
|
|||
Quote:
Do you have other users running on your machine? If not, a hypothetical xterm exploit would require a remote exploiter to somehow feed input to your local xterm. So how would it do that? You're saying you ssh to the openbsd machine, forwarding X? If the X server isn't trustworthy, e.g. if it has other xclients running on it you can't trust (and aren't contained by your using the X security extension or XACE -- I've had little luck running X security myself), the other clients could send key presses to your xterm. But if that's the case, I'd think someone grabbing utmp permissions would be the least of your problems. But then there's still the more mundane way of feeding xterm input, which is that programs you run on your terminal have output that somehow triggers a buffer overflow. If you're concerned about this, you could change the permissions on xterm so it's not set to run as group id. There seems to be a -ut option to xterm to prevent it trying to write to utmp. You might need that to avoid a permissions error when you run a login xterm. What implications there are to not writing utmp entries I don't know. If you don't have other users on your machine, maybe you don't care about utmp. |
Tags |
emulator, rxvt, suckless, terminal, vulnerability |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
VMware patches buffer overflow in legacy products | J65nko | News | 0 | 5th October 2011 11:04 PM |
PostgreSQL security update fixes a buffer overrun | J65nko | News | 0 | 1st February 2011 06:37 PM |
error: reexec socketpair: No buffer space available | chris | FreeBSD General | 3 | 24th July 2009 08:07 PM |
dhcpd:No Buffer space avaible | marsjanq | OpenBSD General | 8 | 13th September 2008 07:52 PM |