Strange advisory

B.R. reallfqq-nginx at
Tue May 13 13:43:08 UTC 2014

Thanks to both of you for precisions about your point of view.

Having thought more about it, it seems indeed strane to *interpret* log
file content to *execute* script snippet in order to change window title or
alike, following the link Kurt provided.
It seems that old-fahion habits have taken advantage of backward-compatible
features in modern emulated terminals.

Switching to the fa that emulator vendors should correct this, who to
contact for it? I suppose it has nothing to do with the kernel, but rather
with multiple GNU libraries around it.
*B. R.*

On Tue, May 13, 2014 at 10:22 AM, Valentin V. Bartenev <vbart at>wrote:

> On Sunday 11 May 2014 06:25:53 B.R. wrote:
> [..]
> > What is the benefit of having those unescaped control characters in a log
> > file? Escaping them allows you to warn about their presence safely... and
> > that is directly exploitable by anything, once again safely.
> The benefit is that you can easily find in error/debug log exactly what
> a client has sent with binary precision, and therefore better diagnose
> a problem.  And this actually is the main purpose of error log (normally
> it's just empty).
>   wbr, Valentin V. Bartenev
> _______________________________________________
> nginx mailing list
> nginx at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the nginx mailing list