Page MenuHomePhabricator

Setting Window Title via Escape Sequences - Blink of An Eye Temporary
Closed, ResolvedPublic

Description

If I set a window title via xterm escape sequence:

echo -ne "\033]0;Foo Bar\007"

The title flashes and it is back to what it were. I would like this to work to be able to dynamically change my window title via PROMPT_COMMAND.

Note: If I set the title via this xdotool alias kludge, it works perfectly:

alias stt='_(){ (($#<1))||[[ "${1}" =~ ^- ]]&&echo "Usage: stt <Terminology Title>"&&return 1;xdotool key Control_L+Alt_L+t key Control_L+a key BackSpace;xdotool type "${1}";sleep .25;xdotool key Return;};_'
AdamDanischewski triaged this task as Normal priority.

Which version of Terminology are you using?

When set by the tooltip, it won't be changed by the escape sequence.
I'm wondering if your shell is not acting behind your back and setting it back to some other value.
Have you tried doing it through an other shell?

I'm not sure what you mean by "set by the tooltip" - I'm trying to echo out the escape code to set the title from the commandline:

$> echo -ne "\033]0;Foo Bar\007"

I think something is setting it back but I'm not sure what. I usually run TMUX but I have it turned off and it's the same deal.

$> terminology --version
Version: 1.3.2

$bash --version
GNU bash, version 5.0.3(1)-release (x86_64-pc-linux-gnu)

$ lsb_release -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 19.04
Release:	19.04
Codename:	disco

$> echo $TERM
xterm

I tried ksh and csh and still no dice. Does echo -ne "\033]0;Foo Bar\007"work for you?

Not sure if it has anything to do with past security vulnerabilities found, one involves exploiting escape sequencing set window titles. I didn't see anything related to Terminology having those problems.

Exploitation
Escape characters are often used in shell scripts to provide syntax highlighting, but they can also be used by an attacker to cause terminal emulator to print garbage characters as well as possibly execute arbitrary commands in the system on which the terminal emulator is running. For an attack to be possible, an attacker must be able to display arbitrary data in the victim's terminal emulator. An attacker can do this by using security vulnerabilities in different software components to save save arbitrary data to the log files – an example is the CVE-2013-1892vulnerability in Apache HTTP server 2.2.x before 2.2.25, where the mod_rewrite module writes arbitrary data to the log file without sanitizing special characters, which could be used to present escape sequences. A complete description of the vulnerability is presented below.

mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
Because the vulnerability exists in Apache HTTP server, it allows attacker to write escape sequences into the error log files.

Dangerous Escape Sequences
Terminal emulators support multiple features as described below [8]:

Screen Dumping: a screen dump escape sequence will open arbitrary file and write the current content of the terminal into the file. Some terminal emulators will not write to existing files, but only to new files, while others will simply overwrite the file with the new contents. An attacker might use this feature to create a new backdoor PHP file in the DocumentRoot of the web server, which can later be used to execute arbitrary commands.

Window Title: an escape sequence exists for setting the window title, which will change the window title string. This feature can be used together with another escape sequence, which reads the current window title and prints it to the current command line. Since a carriage return character is prohibited in the window title, an attacker can store the command in a window title and print it to the current command line, but it would still require a user to press enter in order to execute it. There are techniques for making the command invisible, like setting the text color to the same color as the background, which increases the changes of user pressing the enter key.

Command Execution: some terminal emulators could even allow execution of the command directly by using an escape sequence.

https://www.proteansec.com/linux/blast-past-executing-code-terminal-emulators-via-escape-sequences/
https://www.cvedetails.com/cve/CVE-2013-1862

With the git version, it does work for me.

I've tested with 1.3.2 and it still works with zsh, but not with bash!

Terminology does not print back the title due to security issues it would introduce.

bash sets the title on each prompt. You'd see it easily with echo -ne "\033]0;Foo Bar\007"; sleep 5.

Thanks bud, I've got it working - I moved my .bashrc to old.bashrc and the commands work now. I think it's my PROMPT_COMMAND which sets a complicated PS1. I haven't played around with it in a while but it may have a window title in there. I thought dropping into ksh or csh would have tested that scenario but guess not.

If anyone else has this problem, try asking them to move their .bashrc temporarily.

AdamDanischewski closed this task as Resolved.Wed, Oct 9, 2:56 PM