* Tim Cross <theophil...@gmail.com> [2020-11-11 01:30]: > > Jean Louis <bugs@gnu.support> writes: > > > * Maxim Nikulin <maniku...@gmail.com> [2020-11-10 19:31]: > >> 2020-11-10 Greg Minshall wrote: > >> > > >> > i would guess > >> > using 'cat -v' to read e-mail is 100% safe. even throwing in > >> > uudecode(1), or whatever is needed to decode base64, (and then piping > >> > through 'cat -v', of course ), it's probably still safe. > >> > >> Please, check that you have at least updated tmux before applying such > >> "safe" handler: https://www.openwall.com/lists/oss-security/2020/11/05/3 > >> The > >> news are too recent to not mention the link in such context. > >> > >> The sour story is that it is unsafe to feed non-trusted files directly to > >> terminal. A filter against control sequences is required. > > > > Is there anyway to disable control sequences? Than cat can be aliased. > > > It should be noted that this vulnerability is a buffer overflow exploit > which ASLR effectively mitigates. This doesn't mean that it isn't a > serious bug in tmux, but it does mean that unless you have disabled > ASLR, there is no known exploit (i.e. it is only theoretical). Given the > popularity of tmux, I suspect it will be patched and a new version
Do you know how to disable control sequences?
