public inbox for b.a.t.m.a.n@lists.open-mesh.org
* [B.A.T.M.A.N.] [PATCH] batctl: Clear screen using ANSI escape codes
@ 2012-08-19 21:53 Sven Eckelmann
  2012-08-19 22:08 ` [B.A.T.M.A.N.] [PATCHv2] " Sven Eckelmann
  0 siblings, 1 reply; 3+ messages in thread
From: Sven Eckelmann @ 2012-08-19 21:53 UTC (permalink / raw)
  To: b.a.t.m.a.n

It is not necessary to call an external binary to clear the screen of a default
unix terminal emulator. The external call using system("clear") may be used by
an attacker to get untrusted code called with a higher privilege because
batctl has to be run using uid 0.

Reported-by: Antonio Quartulli <ordex@autistici.org>
Signed-off-by: Sven Eckelmann <sven@narfation.org>
---
 functions.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/functions.c b/functions.c
index c78e408..1d737fa 100644
--- a/functions.c
+++ b/functions.c
@@ -184,7 +184,7 @@ open:
 	}
 
 	if (read_opt & CLR_CONT_READ)
-		system("clear");
+		printf("\033[2J\033[0;0f");
 
 read:
 	while (getline(&line_ptr, &len, fp) != -1) {
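
Review bot: The new printf() under `if (read_opt & CLR_CONT_READ)` writes the escape sequence unconditionally, so when stdout is redirected to a file or pipe the raw bytes end up in the captured output. Consider guarding the call with isatty(STDOUT_FILENO), and add a short comment saying what `\033[2J\033[0;0f` does, since the literal is not self-explanatory.
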
-- 
1.7.10.4



* [B.A.T.M.A.N.] [PATCHv2] batctl: Clear screen using ANSI escape codes
  2012-08-19 21:53 [B.A.T.M.A.N.] [PATCH] batctl: Clear screen using ANSI escape codes Sven Eckelmann
@ 2012-08-19 22:08 ` Sven Eckelmann
  2012-08-24 21:47   ` Marek Lindner
  0 siblings, 1 reply; 3+ messages in thread
From: Sven Eckelmann @ 2012-08-19 22:08 UTC (permalink / raw)
  To: b.a.t.m.a.n

It is not necessary to call an external binary to clear the screen of a default
unix terminal emulator. The external call using system("clear") may be used by
an attacker to get untrusted code called with a higher privilege because
batctl has to be run using uid 0.

Reported-by: Antonio Quartulli <ordex@autistici.org>
Signed-off-by: Sven Eckelmann <sven@narfation.org>
---
Add comment

 functions.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/functions.c b/functions.c
index c78e408..e095fd0 100644
--- a/functions.c
+++ b/functions.c
@@ -184,7 +184,8 @@ open:
 	}
 
 	if (read_opt & CLR_CONT_READ)
-		system("clear");
+		/* clear screen, set cursor back to 0,0 */
+		printf("\033[2J\033[0;0f");
 
 read:
 	while (getline(&line_ptr, &len, fp) != -1) {
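
Review bot: The added comment sits between the brace-less `if (read_opt & CLR_CONT_READ)` and its single-statement body, which compiles as intended but is easy to misread and easy to break if another statement is added later. Move the comment above the `if` or put the body in braces. The comment also says "0,0" while terminal cursor positions are 1-based (a 0 parameter is treated as 1), so `\033[H` would express "home" more conventionally, and fputs() fits a constant string better than printf().
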
-- 
1.7.10.4



* Re: [B.A.T.M.A.N.] [PATCHv2] batctl: Clear screen using ANSI escape codes
  2012-08-19 22:08 ` [B.A.T.M.A.N.] [PATCHv2] " Sven Eckelmann
@ 2012-08-24 21:47   ` Marek Lindner
  0 siblings, 0 replies; 3+ messages in thread
From: Marek Lindner @ 2012-08-24 21:47 UTC (permalink / raw)
  To: b.a.t.m.a.n

On Monday, August 20, 2012 00:08:44 Sven Eckelmann wrote:
> It is not necessary to call an external binary to clear the screen of a
> default unix terminal emulator. The external call using system("clear")
> may be used by an attacker to get untrusted code called with a higher
> privilege because batctl has to be run using uid 0.
> 
> Reported-by: Antonio Quartulli <ordex@autistici.org>
> Signed-off-by: Sven Eckelmann <sven@narfation.org>
> ---
> Add comment
> 
>  functions.c |    3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)

Applied in revision f1fff52.

Thanks,
Marek
