qrexec-client-vm should filter escape characters when connected to terminal #5322

Closed
marmarek opened this issue Sep 17, 2019 · 8 comments · Fixed by QubesOS/qubes-core-qrexec#9

Comments

@marmarek
Member

Qubes OS version
R4.0

Affected component(s) or functionality
qrexec

Brief summary
When qvm-open-in-dvm, qvm-copy or a number of other qvm-* commands are
executed in a DomU terminal, a compromised target qube is able to
inject terminal control sequences into their stderr.

Additional context
qvm-run automatically enables filtering of escape characters when connected to a terminal. qrexec-client-vm should do the same.

This issue was initially reported by @hexagonrecursion on security@qubes-os.org.
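
The behaviour requested above (filter only when the local descriptor is a terminal) can be sketched as follows. This is an added example, not code from qrexec or from the issue author; the names `should_filter`, `sanitize_for_tty` and `filter_mode`, the `_` replacement character and the set of bytes allowed through are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <unistd.h>

enum filter_mode { FILTER_AUTO, FILTER_ON, FILTER_OFF };  /* hypothetical names */

/* Decide whether to sanitize data relayed to local descriptor fd.
 * AUTO filters only when fd is a terminal, so output redirected to a
 * file or pipe (possibly binary) passes through byte-for-byte. */
int should_filter(int fd, enum filter_mode mode)
{
    if (mode == FILTER_AUTO)
        return isatty(fd) == 1;
    return mode == FILTER_ON;
}

/* Replace every byte except printable ASCII, '\n' and '\t' with '_'.
 * This removes ESC (0x1b), BEL, CR, backspace, DEL and the 8-bit C1
 * controls (0x80-0x9f) that some terminals accept as sequence
 * introducers. Side effect: non-ASCII UTF-8 text is replaced too.
 * Returns the number of bytes replaced. */
size_t sanitize_for_tty(unsigned char *buf, size_t len)
{
    size_t replaced = 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = buf[i];
        if (c == '\n' || c == '\t' || (c >= 0x20 && c <= 0x7e))
            continue;
        buf[i] = '_';
        replaced++;
    }
    return replaced;
}

int main(void)
{
    /* Constructed sample: stderr text from an untrusted peer that
     * embeds an erase-line sequence and a carriage return. */
    unsigned char msg[] = "open failed\x1b[2K\rdone\n";
    size_t len = sizeof msg - 1;

    if (should_filter(STDERR_FILENO, FILTER_AUTO))
        sanitize_for_tty(msg, len);
    fwrite(msg, 1, len, stderr);
    return 0;
}
```

Filtering has to happen on the receiving side, after the data has crossed the trust boundary, because the sending qube is the untrusted party.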

@marmarek added the T: bug, security and P: default labels Sep 17, 2019
@marmarek marmarek added this to the Release 4.0 updates milestone Sep 17, 2019
marmarek added a commit to marmarek/qubes-core-qrexec that referenced this issue Sep 17, 2019
And enable it by default when stdout/stderr is connected to terminal.

QubesOS/qubes-issues#5322
@andrewdavidwong added the C: core and P: major labels and removed the P: default label Sep 17, 2019
marmarek added a commit to marmarek/qubes-core-admin-client that referenced this issue Sep 21, 2019
Since qrexec-client-vm got support for filtering escape characters, use
it here too.

QubesOS/qubes-issues#5322
marmarek added a commit to marmarek/qubes-core-agent-linux that referenced this issue Oct 6, 2019
And enable it by default when stdout/stderr is connected to terminal.

Fixes QubesOS/qubes-issues#5322

(cherry picked from commit 13c4ee326495786dd216acf64843a4fd69475893 in
 qubes-core-qrexec)
marmarek added a commit to QubesOS/qubes-core-admin-client that referenced this issue Oct 9, 2019
Since qrexec-client-vm got support for filtering escape characters, use
it here too.

QubesOS/qubes-issues#5322

(cherry picked from commit 1fcb031)
@qubesos-bot

Automated announcement from builder-github

The package qubes-core-qrexec_4.1.2-1 has been pushed to the r4.1 testing repository for the Debian template.
To test this update, first enable the testing repository in /etc/apt/sources.list.d/qubes-*.list by uncommenting the line containing stretch-testing (or appropriate equivalent for your template version), then use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

@qubesos-bot

Automated announcement from builder-github

The package qubes-core-qrexec-4.1.2-1.fc29 has been pushed to the r4.1 testing repository for dom0.
To test this update, please install it with the following command:

sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing

Changes included in this update

@qubesos-bot

Automated announcement from builder-github

The package core-agent-linux has been pushed to the r4.0 testing repository for the CentOS centos7 template.
To test this update, please install it with the following command:

sudo yum update --enablerepo=qubes-vm-r4.0-current-testing

Changes included in this update

@qubesos-bot

Automated announcement from builder-github

The package qubes-core-agent_4.0.50-1 has been pushed to the r4.0 testing repository for the Debian template.
To test this update, first enable the testing repository in /etc/apt/sources.list.d/qubes-*.list by uncommenting the line containing stretch-testing (or appropriate equivalent for your template version), then use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

@qubesos-bot

Automated announcement from builder-github

The package qubes-core-agent_4.0.50-1+deb9u1 has been pushed to the r4.0 stable repository for the Debian template.
To install this update, please use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

@qubesos-bot

Automated announcement from builder-github

The package core-agent-linux has been pushed to the r4.0 stable repository for the CentOS centos7 template.
To install this update, please use the standard update command:

sudo yum update

Changes included in this update

@qubesos-bot

Automated announcement from builder-github

The package core-qrexec has been pushed to the r4.1 testing repository for the CentOS centos7 template.
To test this update, please install it with the following command:

sudo yum update --enablerepo=qubes-vm-r4.1-current-testing

Changes included in this update

@marmarek
Member Author

marmarek commented Dec 2, 2019

Adding r4.0-dom0-stable label to make backport filtering easier (this change appears in both dom0 and VM in R4.1, but in VM only in R4.0)
