Package: htop
Version: 0.7-1
Followup-For: Bug #504144

Nico Golde wrote:
>* Josh Triplett <[EMAIL PROTECTED]> [2008-11-01 04:16]:
>> Package: htop
>> Version: 0.7-1
>> Severity: grave
>> Tags: security
>> Justification: user security hole
>>
>> htop does not filter non-printable characters in process names. Test
>> case:
>>
>> echo -e '#!/bin/sh\nwhile :;do :;done' > $(echo -ne '\e[2J\e[H')
>> chmod a+x $(echo -ne '\e[2J\e[H')
>> ./$(echo -ne '\e[2J\e[H')
>>
>> top changes the non-printable characters to question marks. htop
>> prints them unchanged, and thus corrupts its own display. More subtle
>> escape sequences could hide a process entirely, or do more malicious
>> things depending on the capabilities of the terminal displaying htop.
>
> I'm not sure if that is really a security problem or more a
> regular bug as processes can hide their names already pretty
> good by manipulating argv[0].

Processes can hide their names, yes, but a line in htop with no process
name looks suspicious. However, a carefully written process name could
hide the entire line, not just the process name.

Furthermore, consider some of the crazy control strings which some
terminals have offered in the past. On such a terminal, a malicious
process name could set keyboard shortcuts, print to a printer,
manipulate the terminal window, set and then paste the clipboard
contents, write files, or other crazy things.

- Josh Triplett

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.27-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages htop depends on:
ii  libc6          2.7-15          GNU C Library: Shared libraries
ii  libncurses5    5.6+20081025-1  shared libraries for terminal hand

htop recommends no packages.

htop suggests no packages.

-- no debconf information
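
Added example, not part of the original message and not htop's or top's own code: a sketch of the filtering the report asks for, replacing anything in a process name that a terminal could interpret with '?' before it is drawn. It assumes a UTF-8 locale (as in the reporter's system information) and goes beyond the ESC case in the report by also rejecting DEL, malformed UTF-8 and the C1 controls; the function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Length of the well-formed UTF-8 sequence at s (n bytes left), or 0 if the
 * bytes are malformed or encode a C1 control (U+0080..U+009F, e.g. CSI). */
static size_t utf8_len(const unsigned char *s, size_t n) {
    size_t len, i;
    unsigned long cp;
    if (s[0] < 0x80) return 1;
    if ((s[0] & 0xE0) == 0xC0)      { len = 2; cp = s[0] & 0x1F; }
    else if ((s[0] & 0xF0) == 0xE0) { len = 3; cp = s[0] & 0x0F; }
    else if ((s[0] & 0xF8) == 0xF0) { len = 4; cp = s[0] & 0x07; }
    else return 0;                        /* stray continuation or bad lead */
    if (len > n) return 0;                /* truncated sequence */
    for (i = 1; i < len; i++) {
        if ((s[i] & 0xC0) != 0x80) return 0;
        cp = (cp << 6) | (s[i] & 0x3F);
    }
    if ((len == 2 && cp < 0x80) || (len == 3 && cp < 0x800) ||
        (len == 4 && cp < 0x10000)) return 0;             /* overlong form */
    if (cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF)) return 0;
    if (cp <= 0x9F) return 0;             /* C1 control sent as two bytes */
    return len;
}

/* Replace every byte that could act on the terminal with '?', in place.
 * Returns the number of bytes replaced. */
size_t sanitize_name(char *name) {
    unsigned char *p = (unsigned char *)name;
    size_t n = strlen(name), i = 0, replaced = 0;
    while (i < n) {
        size_t len = 0;
        if (p[i] >= 0x20 && p[i] != 0x7F)  /* C0 controls and DEL never pass */
            len = utf8_len(p + i, n - i);
        if (len == 0) { p[i] = '?'; replaced++; len = 1; }
        i += len;
    }
    return replaced;
}

int main(void) {
    /* Constructed sample: the file name used in the report's test case. */
    char name[] = "\x1b[2J\x1b[H";
    size_t r = sanitize_name(name);
    printf("%s (%zu bytes replaced)\n", name, r);
    return 0;
}
```

A rejected multi-byte sequence is replaced one byte at a time, so a two-byte C1 control shows up as two question marks.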