> >That is definitely true.
>
> I don't found anything about possible format of such requests/responces.
> So I try to made this in my own way. If its not true please correct me.
> At the end of this letter I attach patch which make possible to get
> all translation information using ESC sequences. This patch add such
> new ESC sequences:
> \033(? - ask about G0_charset
> \033)? - ask about G1_charset
> \033%? - ask about utf state
> \033C - ask about charset (^N/^O)
> \033? - ask about all together
> The response string is the escape sequnce to set appropriate mode, i.e.
> \033(? -> \033(K or
> \033? -> \033(K\033)0\033%@^O
There's security problem.
^O is recognized as kind-of end-of-line by bash. (Try typing ls / ^O
in shell).
So if I echo \033? | write root (and he's in shell), I make him
execute (K)0% command. There are numerous ways how to get escape
sequence to console of your victim. (Write, filename, processname,
...)
BEWARE!
Pavel
-- I'm really pavel@atrey.karlin.mff.cuni.cz. Pavel Look at http://atrey.karlin.mff.cuni.cz/~pavel/ ;-).- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/