Hi Josh, * Josh Triplett <[EMAIL PROTECTED]> [2008-11-02 12:12]: > Nico Golde wrote: > >* Josh Triplett <[EMAIL PROTECTED]> [2008-11-01 04:16]: [...] > >> top changes the non-printable characters to question marks. htop > >> prints them unchanged, and thus corrupts its own display. More subtle > >> escape sequences could hide a process entirely, or do more malicious > >> things depending on the capabilities of the terminal displaying htop. > > > > I'm not sure if that is really a security problem or more a > > regular bug as processes can hide their names already pretty > > good by manipulating argv[0]. > > Processes can hide their names, yes, but a line in htop with no > process name looks suspicious. However, a carefully written process > name could hide the entire line, not just the process name. > > Furthermore, consider some of the crazy control strings which some > terminals have offered in the past. On such a terminal, a malicious > process name could set keyboard shortcuts, print to a printer, > manipulate the terminal window, set and then paste the clipboard > contents, write files, or other crazy things.
Ok got your point, I agree with you. I'm going to request a CVE id for this. Cheers Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
pgpxmXuOcfH6D.pgp
Description: PGP signature
