comment on

Fellow monks:

A few days ago I came accross this article that exposes certain (and frightening!) vulnerabilities in some very popular terminal emulators. By the way, OS X's Terminal.app is also vulnerable to some of them.

Since we have a huge load of Perl code at our shop that sends info to the logs, it inmediately struck me: We were at risk, so I got busy. A few hours ago I uploaded Safe::Logs. What this module does is override warn(), die(), warnings::warn(), warnings::warnif() and Carp so that embedded ESC characters are replaced by a harmless placeholder, rendering the published attack ineffective.

The rationale for this was to require the smallest, safest modification possible to production code, so that applications could be patched fast. However, I would like the feedback from you so that I can incorporate the good ideas you might point out.

Best regards

-lem, but some call me fokat

In reply to Safe::Logs - Feedback appreciated by fokat

Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!

Titles consisting of a single word are discouraged, and in most cases are disallowed outright.

Read Where should I post X? if you're not absolutely sure you're posting in the right place.

Please read these before you post! —

Posts may use any of the Perl Monks Approved HTML tags:

a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr

You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)

	For:		Use:
	&		`&`
	<		`<`
	>		`>`
	[		`[`
	]		`]`

Link using PerlMonks shortcuts! What shortcuts can I use for linking?

See Writeup Formatting Tips and other pages linked from there for more info.