Repository : ssh://git@open-mesh.org/batctl

On branch : master

commit f1fff527ed6227d1986c4740b387c0ffc85117d5 Author: Sven Eckelmann sven@narfation.org Date: Mon Aug 20 00:08:44 2012 +0200

batctl: Clear screen using ANSI escape codes

It is not necessary to call an external binary to clear the screen of a default unix terminal emulator. The external call using system("clear") may be used by an attacker to get untrusted code called with an higher privilege because batctl has to be run as using uid 0.

Reported-by: Antonio Quartulli ordex@autistici.org Signed-off-by: Sven Eckelmann sven@narfation.org

f1fff527ed6227d1986c4740b387c0ffc85117d5 functions.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/functions.c b/functions.c index c78e408..e095fd0 100644 --- a/functions.c +++ b/functions.c @@ -184,7 +184,8 @@ open: }

if (read_opt & CLR_CONT_READ) - system("clear"); + /* clear screen, set cursor back to 0,0 */ + printf("\033[2J\033[0;0f");

read: while (getline(&line_ptr, &len, fp) != -1) {