Is stdin safe against backtracking?

[mcandre]

Our users will likely store some sensitive information in the CloudABI YAML configuration files, such as passwords and tokens. Let's assume stdin is enabled and some kind of output stream such as a network port or output file. Would it be possible for a malicious or poorly written CloudABI application to seek backwards and read the configuration content, later leaking this information?

[EdSchouten]

I think interaction with stdin is (relatively?) safe. It just behaves like a (non-seekable) stream. It's stdout I'd be more worried about. There is currently no protection towards printing malicious VT100 escape sequences to the user's terminal.

[mcandre]

There is currently no protection towards printing malicious VT100 escape sequences to the user's terminal.

Ach! I know that CloudABI controls stdout, stderr, stdin. Does CloudABI in fact intercept and redirect these streams, or simply gate access to them? If we intercept/redirect these streams, then we could perform some limited checks for prohibited byte sequences.

... and if we do that, we should also provide an option to re-allow arbitrary byte sequences, for when applications intend to use stdout, etc. for streaming media.