Re: Thoughts on the standardization of Org

[Jean Louis]

* Tim Cross <theophilusx@gmail.com> [2020-11-11 01:30]:
> 
> Jean Louis <bugs@gnu.support> writes:
> 
> > * Maxim Nikulin <manikulin@gmail.com> [2020-11-10 19:31]:
> >> 2020-11-10 Greg Minshall wrote:
> >> >
> >> > i would guess
> >> > using 'cat -v' to read e-mail is 100% safe.  even throwing in
> >> > uudecode(1), or whatever is needed to decode base64, (and then piping
> >> > through 'cat -v', of course ), it's probably still safe.
> >>
> >> Please, check that you have at least updated tmux before applying such
> >> "safe" handler: https://www.openwall.com/lists/oss-security/2020/11/05/3 
> >> The
> >> news are too recent to not mention the link in such context.
> >>
> >> The sour story is that it is unsafe to feed non-trusted files directly to
> >> terminal. A filter against control sequences is required.
> >
> > Is there anyway to disable control sequences? Than cat can be aliased.
> 
> 
> It should be noted that this vulnerability is a buffer overflow exploit
> which ASLR effectively mitigates. This doesn't mean that it isn't a
> serious bug in tmux, but it does mean that unless you have disabled
> ASLR, there is no known exploit (i.e. it is only theoretical). Given the
> popularity of tmux, I suspect it will be patched and a new version

Do you know how to disable control sequences?