It is not necessary to call an external binary to clear the screen of a default unix terminal emulator. The external call using system("clear") may be used by an attacker to get untrusted code called with a higher privilege because batctl has to be run using uid 0.
Reported-by: Antonio Quartulli ordex@autistici.org
Signed-off-by: Sven Eckelmann sven@narfation.org
---
functions.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/functions.c b/functions.c index c78e408..1d737fa 100644 --- a/functions.c +++ b/functions.c @@ -184,7 +184,7 @@ open: }
if (read_opt & CLR_CONT_READ) - system("clear"); + printf("\033[2J\033[0;0f");
read: while (getline(&line_ptr, &len, fp) != -1) {
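Review bot: The new `printf("\033[2J\033[0;0f");` under `if (read_opt & CLR_CONT_READ)` is an undocumented magic string; add a one-line comment saying that it erases the screen and moves the cursor to the top-left corner. It is also written unconditionally, so when stdout is redirected to a file or a pipe the escape bytes end up in that output; consider guarding it with isatty(STDOUT_FILENO).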
It is not necessary to call an external binary to clear the screen of a default unix terminal emulator. The external call using system("clear") may be used by an attacker to get untrusted code called with a higher privilege because batctl has to be run using uid 0.
Reported-by: Antonio Quartulli ordex@autistici.org
Signed-off-by: Sven Eckelmann sven@narfation.org
---
Add comment
functions.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/functions.c b/functions.c index c78e408..e095fd0 100644 --- a/functions.c +++ b/functions.c @@ -184,7 +184,8 @@ open: }
if (read_opt & CLR_CONT_READ) - system("clear"); + /* clear screen, set cursor back to 0,0 */ + printf("\033[2J\033[0;0f");
read: while (getline(&line_ptr, &len, fp) != -1) {
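Review bot: With the comment placed between `if (read_opt & CLR_CONT_READ)` and its `printf`, the braceless `if` now spans three lines, and a statement added next to the `printf` later would silently fall outside the condition; wrap the body in braces or move the comment above the `if`. The comment says "0,0" while terminal rows and columns are 1-based (the `0;0` parameters are treated as `1;1`), so "top-left corner" would describe it more accurately.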
On Monday, August 20, 2012 00:08:44 Sven Eckelmann wrote:
It is not necessary to call an external binary to clear the screen of a default unix terminal emulator. The external call using system("clear") may be used by an attacker to get untrusted code called with a higher privilege because batctl has to be run using uid 0.
Reported-by: Antonio Quartulli ordex@autistici.org
Signed-off-by: Sven Eckelmann sven@narfation.org
Add comment
functions.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
Applied in revision f1fff52.
Thanks, Marek
b.a.t.m.a.n@lists.open-mesh.org
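The change discussed in this thread, as a stand-alone added example (not code from batctl or from the patch): system() runs its argument through `/bin/sh -c`, so `clear` is looked up via the caller's PATH and environment, while writing the escape sequence directly starts no process at all. The helper names `clear_screen_fd` and `pipe_stays_clean` are hypothetical; the escape sequence is the one from the patch.

```c
#include <errno.h>
#include <unistd.h>

/* Sequence from the patch: ESC[2J erases the display,
 * ESC[0;0f moves the cursor to the top-left corner. */
static const char CLEAR_SEQ[] = "\033[2J\033[0;0f";

/*
 * Hypothetical helper: clear the terminal attached to fd without
 * fork/exec, so PATH and the rest of the environment play no role.
 * Returns 1 if the sequence was written, 0 if fd is not a terminal
 * (nothing is written), -1 on a write error.
 */
int clear_screen_fd(int fd)
{
	const char *p = CLEAR_SEQ;
	size_t left = sizeof(CLEAR_SEQ) - 1;

	if (!isatty(fd))
		return 0;

	while (left > 0) {
		ssize_t n = write(fd, p, left);

		if (n < 0) {
			if (errno == EINTR)
				continue;
			return -1;
		}
		p += n;
		left -= (size_t)n;
	}
	return 1;
}

/* Constructed check: a pipe is not a terminal, so the helper must
 * refuse to write and the reader must see EOF. Returns 1 on success. */
int pipe_stays_clean(void)
{
	int fds[2];
	char buf[16];

	if (pipe(fds) != 0)
		return -1;
	int rc = clear_screen_fd(fds[1]);
	close(fds[1]);
	ssize_t n = read(fds[0], buf, sizeof(buf));
	close(fds[0]);
	return rc == 0 && n == 0;
}

int main(void)
{
	return clear_screen_fd(STDOUT_FILENO) < 0;
}
```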