On 2024-01-31 Adam Thompson wrote:
Anyone who uses the idiom "sudo vim file" (possibly even "sudoedit file"?) could easily be hit. Well, once someone manages to populate their ~/.terminfo or $TERM or $TERMINFO with malicious information, which I'd say is actually the harder part. Although given the number of people who will happily do "curl -O - http://.... | bash" maybe not so hard after all.
-Adam
Ah yes, completely forgot the editor angle. Doh. That's a scary thought. I guess you really should limit what you run as root... having a hole like this in ncurses is almost as bad as having it in stdlib!
The terminfo requirements of the hack would mean the most likely vector would have to be someone who already has local system access? Other than your curl example, it might be hard to use this remotely.
Still, they gave it 7.8... which isn't often. Maybe there are more angles we haven't spotted yet.
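
Added example, not part of either message in this thread: a pre-flight check that reports the user-controlled terminfo sources named above ($TERM, $TERMINFO, ~/.terminfo) before a curses program is run with elevated privileges. The function name `terminfo_overrides` is hypothetical, and the script assumes the usual ncurses layout, where a compiled entry sits in a subdirectory named after the first letter of the terminal name.

```shell
#!/bin/sh
# Report user-controlled places a terminfo entry for the current terminal
# could come from. Prints one "source<TAB>detail" line per finding and
# nothing at all when no override is present.
terminfo_overrides() {
    home_dir=${1:-${HOME:-}}      # home directory to inspect
    term_name=${2:-${TERM:-}}     # terminal name that would be looked up
    [ -n "$term_name" ] || return 0

    # A terminal name is normally a short token; anything else
    # (slashes, spaces, control characters) deserves a look.
    case $term_name in
        *[!A-Za-z0-9._+-]*) printf 'env:TERM\tunusual name: %s\n' "$term_name" ;;
    esac

    # An explicit database location set in the caller's environment.
    if [ -n "${TERMINFO:-}" ]; then
        printf 'env:TERMINFO\t%s\n' "$TERMINFO"
    fi

    # A per-user compiled entry that shadows the system-wide one.
    first=$(printf '%s' "$term_name" | cut -c1)
    entry="$home_dir/.terminfo/$first/$term_name"
    if [ -f "$entry" ]; then
        printf 'home\t%s\n' "$entry"
    fi
}

# Stand-alone use: inspect the invoking user's own environment.
terminfo_overrides "${HOME:-}" "${TERM:-}"
```

An empty result means none of the three sources is overriding the system database for that terminal name; any line printed is a file or variable to inspect before running an editor as root.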