Josh Triplett
2008-Nov-01 01:23 UTC
[Secure-testing-team] Bug#504144: htop: Does not filter non-printable characters in process names
Package: htop
Version: 0.7-1
Severity: grave
Tags: security
Justification: user security hole

htop does not filter non-printable characters in process names. Test case:

echo -e '#!/bin/sh\nwhile :;do :;done' > $(echo -ne '\e[2J\e[H')
chmod a+x $(echo -ne '\e[2J\e[H')
./$(echo -ne '\e[2J\e[H')

top changes the non-printable characters to question marks. htop prints them unchanged, and thus corrupts its own display. More subtle escape sequences could hide a process entirely, or do more malicious things depending on the capabilities of the terminal displaying htop.

- Josh Triplett
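The filtering the report attributes to top, written out as an added C example (not code from htop, top, or the original report). The function name sanitize_procname is hypothetical, and the example assumes an ASCII-only display, so every byte outside printable ASCII becomes a question mark.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Copy a process name into dst for display, replacing every byte outside
 * printable ASCII (0x20..0x7e) with '?'. This covers ESC (0x1b), the other
 * C0 controls, DEL and raw 8-bit C1 bytes such as 0x9b (CSI).
 * Assumption: an ASCII-only display; a locale-aware version would decode
 * multibyte characters and test them with iswprint() instead.
 * Always NUL-terminates when dstlen > 0; returns the number of bytes
 * replaced, so a caller can also log or flag suspicious names. */
size_t sanitize_procname(char *dst, size_t dstlen, const char *src)
{
    size_t replaced = 0, i = 0;

    if (dstlen == 0)
        return 0;
    for (; src[i] != '\0' && i + 1 < dstlen; i++) {
        unsigned char c = (unsigned char)src[i];
        if (c < 0x20 || c > 0x7e) {
            dst[i] = '?';
            replaced++;
        } else {
            dst[i] = (char)c;
        }
    }
    dst[i] = '\0';
    return replaced;
}

int main(void)
{
    /* Constructed sample: the file name from the report's test case
     * (clear screen + cursor home), as it would appear in the command line. */
    const char *name = "./\x1b[2J\x1b[H";
    char shown[64];
    size_t n = sanitize_procname(shown, sizeof shown, name);

    printf("%s (%zu bytes replaced)\n", shown, n);
    return 0;
}
```

The filter belongs at the point where the name is written to the terminal, so that every display path (process list, tree view, search results) goes through it.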