A recently announced vulnerability, described in http://www.digitaldefense.net/labs/papers/Termulation.txt, can affect various widely used terminal emulators to the point that it becomes very easy for an attacker to execute arbitrary commands on a remote host through careful manipulation of the text displayed by those terminal emulators.
One of the avenues of attack discussed in the above paper deals with crafting special requests that leave specific escape codes in the logs of the applications. An unsuspecting system administrator might then issue a command such as
tail -f logfile
and trigger the attack. My module, Safe::Logs, prevents this by intercepting the most common logging mechanisms accessed by Perl and performing an on-the-fly replacement of the escape character by the sequence "[esc]", thus rendering the attack useless.
Unfortunately, the logs collect data from a large number of non-Perl services, so my module is not enough. Since many sites I know use your module for log maintenance, perhaps it would be a good idea to roll the protection implemented in Safe::Logs into Logfile::Rotate.
This won't cure the tail -f problem, but will help to limit the time frame during which an attack remains dangerous.
Best regards.
You can contact me at luismunoz@cpan.org. I'm attaching a copy of Safe::Logs for your convenience.
-lem
Safe::Logs as submitted to CPAN
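The following is an added example of the sanitizing step described in the message above; it is not code from Safe::Logs or Logfile::Rotate. It performs the same "[esc]" replacement the message describes and, as an added generalization that is my assumption rather than documented behaviour of either module, also rewrites the 8-bit CSI byte 0x9b (which several emulators treat like "ESC [") and the remaining C0 control characters. The log lines it operates on are constructed for the example.

```perl
#!/usr/bin/perl
# Added example, not code from Safe::Logs or Logfile::Rotate.
# Neutralizes terminal control sequences in log text so that viewing the
# log on a terminal (for instance with "tail -f") cannot drive the emulator.
use strict;
use warnings;

# Replace the escape character with "[esc]", as the message says Safe::Logs
# does.  The 0x9b and C0 handling is an added generalization (an assumption
# of this example).  Tab, LF and CR are left untouched so that line
# structure survives.
sub sanitize_log_line {
    my ($line) = @_;
    $line =~ s/\x1b/[esc]/g;     # ESC (0x1b) begins every 7-bit escape sequence
    $line =~ s/\x9b/[csi]/g;     # 8-bit Control Sequence Introducer
    $line =~ s/([\x00-\x08\x0b\x0c\x0e-\x1f\x7f])/sprintf('[0x%02x]', ord $1)/ge;
    return $line;
}

# True if the line carries a byte a terminal emulator could interpret.
# Useful for flagging suspicious entries rather than silently rewriting them.
sub has_terminal_controls {
    my ($line) = @_;
    return $line =~ /[\x00-\x08\x0b\x0c\x0e-\x1f\x7f\x9b]/ ? 1 : 0;
}

# Constructed sample lines (not real log data).  The second carries an OSC
# sequence that sets the window title followed by a clear-screen; the
# third uses the 8-bit CSI form of clear-screen.
my @constructed_lines = (
    "10.0.0.1 - - [01/Jan/2003:00:00:00] \"GET /index.html HTTP/1.0\" 200 512\n",
    "10.0.0.2 - - [01/Jan/2003:00:00:01] \"GET /\x1b]0;owned\x07\x1b[2J HTTP/1.0\" 404 0\n",
    "10.0.0.3 - - [01/Jan/2003:00:00:02] \"GET /" . "\x9b" . "2J HTTP/1.0\" 404 0\n",
);

if (-t STDIN) {
    # Not reading from a pipe: show the constructed lines after sanitizing,
    # with a flag telling whether the raw line contained control bytes.
    for my $raw (@constructed_lines) {
        printf "hostile=%d  %s", has_terminal_controls($raw), sanitize_log_line($raw);
    }
} else {
    # Filter mode, e.g.:  tail -f /var/log/httpd/access_log | perl safe_tail.pl
    while (my $raw = <STDIN>) {
        print sanitize_log_line($raw);
    }
}
```

Run without a pipe, the second constructed line comes out as `... "GET /[esc]]0;owned[0x07][esc][2J HTTP/1.0" ...`, which a terminal prints literally. The filter mode covers the "tail -f" case that rotation alone cannot, while the subroutine is what a rotation tool would apply to each line as it copies the file.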