for cool 'cat's who use 'putty' :-)
ryan-c on #gitolite (ryan.castellucci@gmail.com) found that if a user types in ssh git@server `echo -e "\033[2J"` or eqvt, he can get raw ASCII control characters into gitolite's log file. Then if a gitolite admin 'cat's the log file (instead of using a pager, or uses a pager in raw mode like 'less -r'), those control characters hit his screen and do stuff. While clearing the screen etc is probably harmless and I would not have bothered, we know that the old vt100 would allow the keyboard to be remapped by the server sending control codes, and we're not really sure which of the currently in use terminals emulate this. And finally, I found somewhere that "PuTTY allows the server to send control codes that let it take over the mouse". Scary... (...of course, I hate putty/plink so I was sorely tempted to leave this as is to punish people who use it <grin> but not really; I'd joke about it but won't actually *do* it!)
This commit is contained in:
Sitaram Chamarty
parent
6d3c2fbcef
commit
ca913af6cd
|
|
@ -125,6 +125,8 @@ sub log_it {
|
||||||
$logmsg = $_[0] || $ENV{SSH_ORIGINAL_COMMAND}; shift;
|
$logmsg = $_[0] || $ENV{SSH_ORIGINAL_COMMAND}; shift;
|
||||||
# the rest of it upto the caller; we just dump it into the logfile
|
# the rest of it upto the caller; we just dump it into the logfile
|
||||||
$logmsg .= "\t@_" if @_;
|
$logmsg .= "\t@_" if @_;
|
||||||
|
# erm... this is hard to explain so just see the commit message ok?
|
||||||
|
$logmsg =~ s/([\x00-\x08\x0A-\x1F\x7F-\xFF]+)/sprintf "<<hex(%*v02X)>>","",$1/ge;
|
||||||
print $log_fh "$ENV{GL_TS}\t$ENV{GL_USER}\t$ip\t$logmsg\n";
|
print $log_fh "$ENV{GL_TS}\t$ENV{GL_USER}\t$ip\t$logmsg\n";
|
||||||
close $log_fh or die "close log failed: $!\n";
|
close $log_fh or die "close log failed: $!\n";
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue