-
-
Notifications
You must be signed in to change notification settings - Fork 48
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
qrexec-client-vm should filter escape characters when connected to terminal #5322
Comments
And enable it by default when stdout/stderr is connected to terminal. QubesOS/qubes-issues#5322
Since qrexec-client-vm got support for filtering escape characters, use it here too. QubesOS/qubes-issues#5322
And enable it by default when stdout/stderr is connected to terminal. Fixes QubesOS/qubes-issues#5322 (cherry picked from commit 13c4ee326495786dd216acf64843a4fd69475893 in qubes-core-qrexec)
Since qrexec-client-vm got support for filtering escape characters, use it here too. QubesOS/qubes-issues#5322 (cherry picked from commit 1fcb031)
Automated announcement from builder-github The package
|
Automated announcement from builder-github The package
|
Automated announcement from builder-github The package
|
Automated announcement from builder-github The package
|
Automated announcement from builder-github The package
|
Automated announcement from builder-github The package
|
Automated announcement from builder-github The package
|
Adding r4.0-dom0-stable label to make backport filtering easier (this change appears in both dom0 and VM in R4.1, but in VM only in R4.0) |
Qubes OS version
R4.0
Affected component(s) or functionality
qrexec
Brief summary
When qvm-open-in-dvm, qvm-copy or a number of other qvm-* commands are
executed in a DomU terminal, a compromised target qube is able to
inject terminal control sequneces into their stderr.
Additional context
qvm-run
automatically enable filtering escape characters, when connected to terminal.qrexec-client-vm
should do the same.This issue was initially reported by @hexagonrecursion on security@qubes-os.org.
The text was updated successfully, but these errors were encountered: