Stop leaking terminal escapes via stderr
This restores Qubes R3.2 behavior Before this patch, the following: qvm-run -p sys-firewall 'echo -e "\e[0;46mcyan!" >&2' | wc -l leaks the escape sequences through to the dom0 terminal via stderr, in this case demonstrated by the ability to change the text color while it should be fixed to red. This can also be abused with xterm reporting sequences to cause input to be sent to the dom0 terminal. This is potentially a security issue.
This commit is contained in:
parent
afe4eef15f
commit
87230fc042
@ -26,6 +26,7 @@ import os
|
|||||||
import shlex
|
import shlex
|
||||||
import socket
|
import socket
|
||||||
import subprocess
|
import subprocess
|
||||||
|
import sys
|
||||||
|
|
||||||
import logging
|
import logging
|
||||||
|
|
||||||
@ -505,7 +506,9 @@ class QubesLocal(QubesBase):
|
|||||||
pass
|
pass
|
||||||
qrexec_opts = ['-d', dest]
|
qrexec_opts = ['-d', dest]
|
||||||
if filter_esc:
|
if filter_esc:
|
||||||
qrexec_opts.extend(['-t', '-T'])
|
qrexec_opts.extend(['-t'])
|
||||||
|
if filter_esc or os.isatty(sys.stderr.fileno()):
|
||||||
|
qrexec_opts.extend(['-T'])
|
||||||
if localcmd:
|
if localcmd:
|
||||||
qrexec_opts.extend(['-l', localcmd])
|
qrexec_opts.extend(['-l', localcmd])
|
||||||
if user is None:
|
if user is None:
|
||||||
|
Loading…
Reference in New Issue
Block a user