On Mon, Apr 15, 2024 at 02:25:04AM +0000, Jeremy Mates wrote: > TL;DR it's TERMINFO related or when ~/.terminfo exists and no TERM file > exists therein. Also trying to read "none" (or maybe also "none.db" when > the TERMINFO thing happens) from the current working directory might not > be a good idea, if an attacker can put naughty things into either of > those files and a sh or ksh or whatever is run in a suitable directory? >
hi. i have actually been seeing these for months, but just ignored them. i'm not sure your theory covers everything though: $ echo $TERM wsvt25 $ ls -l ~/.terminfo/w total 12 -r--r--r-- 1 jmc jmc 1597 Apr 15 06:27 wsvt25 -rw-r--r-- 1 jmc jmc 1522 Aug 1 2020 wsvt25-noacs -rw-r--r-- 1 jmc jmc 865 Aug 1 2020 wsvt25-ul $ tail /var/log/messages Apr 15 06:56:21 manila reorder_kernel: kernel relinking done Apr 15 06:57:03 manila -ksh: vfprintf %s NULL in "%.*s" Apr 15 06:57:17 manila last message repeated 4 times Apr 15 06:57:17 manila ksh: vfprintf %s NULL in "%.*s" Apr 15 06:57:17 manila mutt: vfprintf %s NULL in "%.*s" Apr 15 06:57:42 manila -ksh: vfprintf %s NULL in "%.*s" Apr 15 06:59:12 manila sh: vfprintf %s NULL in "%.*s" Apr 15 06:59:12 manila vim: vfprintf %s NULL in "%.*s" Apr 15 07:00:18 manila ksh: vfprintf %s NULL in "%.*s" Apr 15 07:02:35 manila ksh: vfprintf %s NULL in "%.*s" that's basically me logging in, starting tmux (4 shells+mutt). so i'm not sure it's exactly as you describe. curious... jmc
