You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If you use the SSH kitten to log in as root, kitty terminfo will be copied to /root/.terminfo. This used to work, but breaks if ncurses is compiled with root environment restriction:
--disable-root-access
Compile with environment restriction, so most file-access is limited
when running as root, or via a setuid/setgid application.
--disable-root-environ
Compile with environment restriction, so certain environment variables
are not available when running as root. These are (for example
$TERMINFO) those that allow the search path for the terminfo or termcap
entry to be customized.
I dont see what the kitten can do about it if ncurses is compiled to
ignore custom terminfo files. That's a pretty absurd fix for the CVE
anyway. The correct fix is to patch ncurses to not corrupt memory when
reading invalid terminfo data or better to start the long process of
removing ncurses from all applications as it is a truly awful library.
Setting those compile time options basically means you have to have
the terminfo for whatever terminal you are connecting with installed
globally.
The correct fix is to patch ncurses to not corrupt memory when
reading invalid terminfo data or better to start the long process of
removing ncurses from all applications as it is a truly awful library.
I completely agree with both. 🙂
Setting those compile time options basically means you have to have
the terminfo for whatever terminal you are connecting with installed
globally.
Yeah, I figured it was the only way in this case. Perhaps the Arch Linux packagers will remove these options in a future build once ncurses is properly fixed.
If nothing else, I hope this issue can save someone some debugging time as it was not immediately obvious why it broke after upgrading ncurses.
Describe the bug
If you use the SSH kitten to log in as root, kitty terminfo will be copied to
/root/.terminfo
. This used to work, but breaks if ncurses is compiled with root environment restriction:In Arch Linux, both of these options are used in ncurses
6.4_20230520-1
. This was done to prevent CVE-2023-29491:https://gitlab.archlinux.org/archlinux/packaging/packages/ncurses/-/commit/3c2606603aa4a5a3b2d29e560a1bc14986153f49
Installing
kitty-terminfo
on the remote system fixes the issue since it will make the terminfo available under/usr/share/terminfo/
I'm not sure if anything can be done in this case with the SSH kitten or if the only option is to install
kitty-terminfo
on the remote system.To Reproduce
Steps to reproduce the behavior:
--disable-root-access
and--disable-root-environ
on the remote systemkitty-terminfo
is not installed on the remote systemkitten ssh root@remote
Environment details
The text was updated successfully, but these errors were encountered: