Safe::Logs - Perl extension to avoid terminal emulator vulnerabilities


  use Safe::Logs;               # Always override warn() and die()
  use Safe::Logs qw(:all);      # override eveything this module knows
  use Safe::Logs qw(:Carp);     # Only override Carp:: methods
  use Safe::Logs qw(:Syslog);   # Only override syslog()
  use Safe::Logs qw(protect);   # protect() for use on your own

                                # Or combine a few
  use Safe::Logs qw(:Syslog :Carp);


As shown by the people at Digital Defense, there are a number of vulnerabilities that can be remotely exploited in the terminal emulators that are so common today. These vulnerabilities might allow an attacker to execute arbitrary commands by a number of methods. The easiest one, illustrated on shows how to compromise a remote host by sending carefully chosen requests that end up in log files. It is then a matter of time for an innocent command such as

    tail -f poisoned.log

To wreak havoc in your system.

You must use this module as the last in the list so that it can override the methods exported from other modules.

This module is a quick solution for this vulnerability. What it does is very simple: It replaces ocurrences of the ESC character in the output of any common logging mechanism such as use warnings, warn, use Carp and die.

It does so by overriding the functions with a safer alternative so that no code needs to be changed. Hopefully this will be followed by better solutions from other Perl developers.

Note that in order for this protection to be effective, this module must be used as the last module (ie, after all the modules it can override) in order for proper method replacement to occur.

The protection can also be invoked by the protect method, which takes a list of arguments and returns the same list, with all ESC characters safely replaced. This method is provided so that you can call it by yourself.

Tipically, you will want to issue an use Safe::Logs qw(:all) after the last module is used in your code, to automatically benefit from the most common level of protection agains the attacks describen in the paper.

The list of methods or functions that this module replaces are as follows.


The standard Perl warn().


The standard Perl die().


All the methods from Carp are overridden by this module.


The known and common syslog() calls are automatically overridden by this module.


Calls from warnings:: are automatically overridden by this module.


Many. The methods are exported or overridden according to this

  main::warn()          -       Always overridden
  main::die()           -       Always overridden
  warnings::warn()      -       Always overridden
  warnings::warnif()    -       Always overridden

  Carp::croak()         -       Only exported with :Carp or :all
  Carp::carp()          -       Only exported with :Carp or :all
  Carp::confess()       -       Only exported with :Carp or :all
  Carp::cluck()         -       Only exported with :Carp or :all

  main::syslog()        -       Only exported with :Syslog or :all

  protect()             -       Only exported with 'protect' or :all



Original version; created by h2xs 1.2 with options



Luis E. Muñoz <>


perl(1), Carp(3), warnings(3), Sys::Syslog(3), Unix::Syslog(3), Termulation.txt.

2 POD Errors

The following errors were encountered while parsing the POD:

Around line 215:

You forgot a '=back' before '=head2'

Around line 251:

Non-ASCII character seen before =encoding in 'Muñoz'. Assuming CP1252