Umlauts are not displayed correctly in window title
87 views
Skip to first unread message
Salmiakki
Apr 10, 2016, 2:35:37 PM4/10/16
to qubes-users
I am not sure if this is a bug, an accident or a security feature but I am getting things like this:
"[...] Angriffe auf kritische L__cke: Flash-Patch ist da [...]" in my firefox window title (also cf. screenshot)
Do I need to install a font or what is the lore on this?
Alex
Apr 10, 2016, 2:39:35 PM4/10/16
to qubes...@googlegroups.com
On 04/10/2016 08:35 PM, Salmiakki wrote:
> <https://lh3.googleusercontent.com/-I3rHnrf5JMo/Vwqc2ub5lrI/AAAAAAAAAA0/jvjV--G-M70yzuAfl3527Ifvmwvqvtz7g/s1600/umlauts.png>
By default, to avoid potentially misleading character substitutions,
window titles are restricted to ascii-only characters. Any character
outside ASCII range, while correctly handled, is replaced with an
underscore.
You can allow utf-8 titles by enabling the setting with the same name in
/etc/qubes/guid.conf in dom0, either in the global: section or per-vm.
--
Alex
> <https://lh3.googleusercontent.com/-I3rHnrf5JMo/Vwqc2ub5lrI/AAAAAAAAAA0/jvjV--G-M70yzuAfl3527Ifvmwvqvtz7g/s1600/umlauts.png>
window titles are restricted to ascii-only characters. Any character
outside ASCII range, while correctly handled, is replaced with an
underscore.
You can allow utf-8 titles by enabling the setting with the same name in
/etc/qubes/guid.conf in dom0, either in the global: section or per-vm.
--
Alex
Salmiakki
Apr 10, 2016, 2:46:46 PM4/10/16
to qubes-users, alex...@gmx.com
That's what I expected but I couldn't come up with any actual problems. What are possible attacks using this?
Axon
Apr 10, 2016, 5:57:47 PM4/10/16
to Salmiakki, qubes-users, alex...@gmx.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Salmiakki:
1. Exploiting a hypothetical bug in the gui-daemon and gui-agent code.
Allowing VMs to pass arbitrarily long strings without character type
restrictions might be unnecessarily increasing the attack surface of
the GUI code. From this point of view, it would make sense to impose a
character limit and a type limit (only ASCII characters). See this
message:
https://groups.google.com/d/msg/qubes-devel/hSTXzoPtsUY/tRARAC0iD7QJ
2. Homograph attacks.
Homographs, in this context, are words or characters (homoglyphs)
which look the same but are actually different (e.g., the Latin
lowercase "a" and the Cyrillic lowercase "а"). By substituting a
lookalike character for the expected character, an attacker can fool
an unsuspecting victim into misidentifying the attacker's string as a
legitimate one. These types of attacks are most commonly used to spoof
domain names. You can read more about these types of attacks here:
https://en.wikipedia.org/wiki/IDN_homograph_attack
In Qubes, sanitizing window titles of non-ASCII characters by default
could protect against similar kinds of spoofing attacks. The risk of a
spoofed window title may not seem like much by itself, but there are
probably clever ways of combining this with other attacks in creative
ways (e.g., in order to gain the user's cooperation via the lookalike
window title) that we haven't even thought of yet.
(P.S. - Please avoid top-posting.)
>
> On Sunday, April 10, 2016 at 8:39:35 PM UTC+2, Alex wrote:
>>
>> On 04/10/2016 08:35 PM, Salmiakki wrote:
>> <https://lh3.googleusercontent.com/-I3rHnrf5JMo/Vwqc2ub5lrI/
>> AAAAAAAAAA0/jvjV--G-M70yzuAfl3527Ifvmwvqvtz7g/s1600/umlauts.png>
>>
>>> I am not sure if this is a bug, an accident or a security
>>> feature but I am getting things like this: "[...] Angriffe auf
>>> kritische L__cke: Flash-Patch ist da [...]" in my firefox
>>> window title (also cf. screenshot)
>>>
>>> Do I need to install a font or what is the lore on this?
>> By default, to avoid potentially misleading character
>> substitutions, window titles are restricted to ascii-only
>> characters. Any character outside ASCII range, while correctly
>> handled, is replaced with an underscore.
>>
>> You can allow utf-8 titles by enabling the setting with the same
>> name in /etc/qubes/guid.conf in dom0, either in the global:
>> section or per-vm.
>>
>> -- Alex
>>
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJXCsw8AAoJEJh4Btx1RPV8i3IQAJu3vNlws059dcVNBC4Z323J
3lEvhXtjE0UGwG+FJeiLqJ4emxTxG8kg6F6SJfn9hb0ZXkbqltHyipOfOeByV4vB
fGp1U7WjMO2Z/GIJScd78QIBEsSRq2/uaLVdMM9Vm95Q1+dJzmyuguSCSxvHd05w
ceWssabLHQqGsXRCcXugbQna8d2i9+0zilTJERcGQmNF9Vy2XBo+XRZUqh41tWoQ
n33ekDihPD81oP2eLALvPDxf7txOjrSmHy21i6KdILRnoP0qNiWNxx1KlFeLU6mv
SubL0d3OE5qBlfS2i+4H3sbd7MRfPyGtGNCJY9XBd7gN/At3xOI+Z6q4GqP+0kPZ
iQRaflCvqYs3ixPQh9tHpsM8x1WPBf9hMGWx0tRZR53+TRO6YdaMiotxHKiOqv4B
TEhusb8kPk1XGdOOUTDRyYMpY8Oq6xhR7FfwH7fWQ+lwCJjPM8ihNMYGdkZg5MqL
Rtgh22UftxLhD+MWptijqBav5ZDfzxeInibQSnj3iSqvugXDt0NZH/lAJ0GWVQCj
xNQN/40JWcp23okjAJDFSjFMbuCOa9CmSeoZeFkjwWAPsQFb8cioOZTopk+TwJH9
gTc1trtHPN6+hzEUsXWl3g74XXfy7sLy+6KHT2mbZZQRsXKxHAF5zMTPB6oKX+tm
aSEuQ6yBn44UVkRrWnTt
=sFLg
-----END PGP SIGNATURE-----
Hash: SHA512
Salmiakki:
> That's what I expected but I couldn't come up with any actual
> problems. What are possible attacks using this?
>
I can't speak with certainty, but here are two ideas:
> problems. What are possible attacks using this?
>
1. Exploiting a hypothetical bug in the gui-daemon and gui-agent code.
Allowing VMs to pass arbitrarily long strings without character type
restrictions might be unnecessarily increasing the attack surface of
the GUI code. From this point of view, it would make sense to impose a
character limit and a type limit (only ASCII characters). See this
message:
https://groups.google.com/d/msg/qubes-devel/hSTXzoPtsUY/tRARAC0iD7QJ
2. Homograph attacks.
Homographs, in this context, are words or characters (homoglyphs)
which look the same but are actually different (e.g., the Latin
lowercase "a" and the Cyrillic lowercase "а"). By substituting a
lookalike character for the expected character, an attacker can fool
an unsuspecting victim into misidentifying the attacker's string as a
legitimate one. These types of attacks are most commonly used to spoof
domain names. You can read more about these types of attacks here:
https://en.wikipedia.org/wiki/IDN_homograph_attack
In Qubes, sanitizing window titles of non-ASCII characters by default
could protect against similar kinds of spoofing attacks. The risk of a
spoofed window title may not seem like much by itself, but there are
probably clever ways of combining this with other attacks in creative
ways (e.g., in order to gain the user's cooperation via the lookalike
window title) that we haven't even thought of yet.
(P.S. - Please avoid top-posting.)
>
> On Sunday, April 10, 2016 at 8:39:35 PM UTC+2, Alex wrote:
>>
>> On 04/10/2016 08:35 PM, Salmiakki wrote:
>> <https://lh3.googleusercontent.com/-I3rHnrf5JMo/Vwqc2ub5lrI/
>> AAAAAAAAAA0/jvjV--G-M70yzuAfl3527Ifvmwvqvtz7g/s1600/umlauts.png>
>>
>>> I am not sure if this is a bug, an accident or a security
>>> feature but I am getting things like this: "[...] Angriffe auf
>>> kritische L__cke: Flash-Patch ist da [...]" in my firefox
>>> window title (also cf. screenshot)
>>>
>>> Do I need to install a font or what is the lore on this?
>> By default, to avoid potentially misleading character
>> substitutions, window titles are restricted to ascii-only
>> characters. Any character outside ASCII range, while correctly
>> handled, is replaced with an underscore.
>>
>> You can allow utf-8 titles by enabling the setting with the same
>> name in /etc/qubes/guid.conf in dom0, either in the global:
>> section or per-vm.
>>
>> -- Alex
>>
iQIcBAEBCgAGBQJXCsw8AAoJEJh4Btx1RPV8i3IQAJu3vNlws059dcVNBC4Z323J
3lEvhXtjE0UGwG+FJeiLqJ4emxTxG8kg6F6SJfn9hb0ZXkbqltHyipOfOeByV4vB
fGp1U7WjMO2Z/GIJScd78QIBEsSRq2/uaLVdMM9Vm95Q1+dJzmyuguSCSxvHd05w
ceWssabLHQqGsXRCcXugbQna8d2i9+0zilTJERcGQmNF9Vy2XBo+XRZUqh41tWoQ
n33ekDihPD81oP2eLALvPDxf7txOjrSmHy21i6KdILRnoP0qNiWNxx1KlFeLU6mv
SubL0d3OE5qBlfS2i+4H3sbd7MRfPyGtGNCJY9XBd7gN/At3xOI+Z6q4GqP+0kPZ
iQRaflCvqYs3ixPQh9tHpsM8x1WPBf9hMGWx0tRZR53+TRO6YdaMiotxHKiOqv4B
TEhusb8kPk1XGdOOUTDRyYMpY8Oq6xhR7FfwH7fWQ+lwCJjPM8ihNMYGdkZg5MqL
Rtgh22UftxLhD+MWptijqBav5ZDfzxeInibQSnj3iSqvugXDt0NZH/lAJ0GWVQCj
xNQN/40JWcp23okjAJDFSjFMbuCOa9CmSeoZeFkjwWAPsQFb8cioOZTopk+TwJH9
gTc1trtHPN6+hzEUsXWl3g74XXfy7sLy+6KHT2mbZZQRsXKxHAF5zMTPB6oKX+tm
aSEuQ6yBn44UVkRrWnTt
=sFLg
-----END PGP SIGNATURE-----
Reply all
Reply to author
Forward
0 new messages