Might terminal emulators such as konsole or xterm have remotely exploitable security bugs?

One might assume terminal emulators such as konsole or xterm are simple programs not to be exploited, but well, let’s rethink.

Showing output from untrusted remote sources (sdwdate time provider server replies; replies by Tor) might exploit bugs in terminal-emulators such as `konsole`, right?

For example, open `xterm`, then

```
cat /dev/random
```

let it run for a while and then abort using the usual `ctrl + c`. Then press enter. You’ll see that it shows some weird characters followed by `command not found`. How come the output of a running program in a terminal can influence what is written in the following command prompt?

Similar to:



* research historically fixed and current bugs in terminal emulators
* perhaps move to a security focused terminal emulator
* no longer write untrusted output to logs
* educate users about this risk (`wget` plus `cat` could be dangerous)

Patrick started developing Whonix, the Anonymous Operating System in 2012, when quickly others joined efforts. He collected experiences working pseudonymous on Whonix for two years, enjoys collaboratively working on privacy preserving software.
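As an added illustration of the "no longer write untrusted output to logs" item in the post above (this is not code from the original post or from Whonix), the following Python example makes every control character in untrusted bytes visible before they reach a terminal or log. The function name `sanitize_for_terminal` and the sample reply are constructed for this example.

```python
import unicodedata

KEEP = {"\n", "\t"}  # whitespace controls that are passed through unchanged


def sanitize_for_terminal(data: bytes, max_len: int = 4096) -> str:
    """Render untrusted bytes as text that is safe to print or log.

    Every Unicode "C*" character (C0/C1 controls such as ESC and CSI, DEL,
    format characters such as bidi overrides, unassigned code points) is
    replaced by a visible \\xNN or \\uNNNN escape, so the terminal never
    receives the byte that starts an escape sequence.
    """
    # Invalid UTF-8 (for example a raw 0x9b byte) becomes U+FFFD, not a control.
    text = data[:max_len].decode("utf-8", errors="replace")
    out = []
    for ch in text:
        if ch in KEEP or not unicodedata.category(ch).startswith("C"):
            out.append(ch)
        else:
            cp = ord(ch)
            out.append(f"\\x{cp:02x}" if cp <= 0xFF else f"\\u{cp:04x}")
    return "".join(out)


# Constructed sample: a reply from an untrusted server carrying a colour
# sequence, a carriage return and a bell, as it might arrive over the network.
SAMPLE_REPLY = b"Date: \x1b[31mMon\x1b[0m\rX\x07\n"

if __name__ == "__main__":
    print(sanitize_for_terminal(SAMPLE_REPLY), end="")
```

Pass the returned string, not the raw bytes, to `print` or to the logger.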

Notable Replies

  1. Scroll support is supposedly a separate patch on their site though I don’t know if it’s been compiled into the Debian package.


    They say it has clipboard handling so I assume yes.

    Since this is x-based like xterm they don’t support multiple tabs without using tmux/GNU screen. Tmux support is not available and it’s in the cards to code an alternative.

    As a whole I don’t think that using konsole is doom and gloom (because of st’s major limitations). Most of the escaping vulns have been ironed out in the 2000s and many competent people seem to be fuzzing terminal emulators quite regularly. Most of these experts are concerned with busybox vulnerabilities because it’s relatively immature compared to alternatives and embedded hardware being everywhere.

    This is similar to the situation with using bash vs something else. On one hand you will end up with a smaller codebase but on the other you might miss out on security experts’ mindshare and attention which is focused on the most widely used solutions. Using the less popular solution would end up being security thru obscurity.

  2. Looks like I came like 18 years too late for this issue. :smile:
