Date: Fri, 18 Sep 2015 14:02:36 +0200 From: up201407890@...nos.dcc.fc.up.pt To: oss-security@...ts.openwall.com Subject: Re: s/party/hack like it's 1999 Date: Thu, 17 Sep 2015 12:33:28 -0430 From: Manuel Gómez <targen@...il.com> To: oss-security@...ts.openwall.com Subject: Re: s/party/hack like it's 1999 On Thu, Sep 17, 2015 at 12:33:28 AM, <targen@...il.com> wrote: > On Thu, Sep 17, 2015 at 11:33 AM, <up201407890@...nos.dcc.fc.up.pt> wrote: >> Federico Bento <up201407890@...nos.dcc.fc.up.pt> >> >> […] >> >> As you can see, our beloved 'cat' cheated on us. Why? >> Because instead of displaying the character-sequence, the escape sequence >> \033[XA (being X the number of times) performed some action. >> And this action moves the cursor up X times, overwriting what is above it X >> lines. >> But this doesn't affect only 'cat', it affects everything that interprets >> escape sequences. >> >> [… examples with head, tail, more, curl, wget …] >> >> 'diff' also interprets escape sequences and so do the resulting patches >> >> [… examples with diff …] >> >> Hint: >> 'less' doesn't interpret escape sequences unless the -r switch is used, >> so stop aliasing it to 'less -r' just because there's no colored output. > Not a single one of those programs does anything to its input that > ought to be considered any form of interpretation in the sense you > imply. They simply produce outputs that correspond to their inputs. > If that output is later presented to a terminal emulator, *then* some > characters happen to produce effects that go beyond simply displaying > them as glyphs on a screen, one by one. > > There is absolutely nothing wrong with `head`, `tail`, `more`, `curl`, > `wget` or `diff`. They are not meant to “interpret” anything of the > sort that is being addressed, and indeed they do not. `less` *does* > have special processing rules active by default for input sequences > that would cause terminals to do anything special; indeed, the default > behaviour of `less`, without the `-r` option, is the only mentioned > behaviour that may be considered a form of interpretation. Yes, that is correct. I should have rephrased that better, thanks for clearing that up. >> It's no secret, most of us rely on 'cat' to view files. I guess this is one >> black kitty, giving you bad luck. > > Perhaps “most of us” should use `view` to view files. Also correct. There are several ways one can go about this, but the point is, do people actually do that? Do they take that extra care sometimes? :) I'd also like to point out that the title should've been "s/party/hack/ like it's 1999", I guess that's what you get when you're trying to write up things fast, but that's not really the point of the post ;-) Quoting "Cliff Perry" <cperry@...hat.com>: >> Interesting. I woul advocate usage of something like cat -A. >> - something I learned to find end of line chars. >> >> [cperry@...rry ~]$ printf '#!/bin/bash\necho doing something >> evil!\nexit\n\033[2Aecho doing something very nice!\n' > backdoor.sh >> [cperry@...rry ~]$ chmod +x backdoor.sh >> [cperry@...rry ~]$ cat backdoor.sh >> #!/bin/bash >> echo doing something very nice! >> [cperry@...rry ~]$ cat -A backdoor.sh >> #!/bin/bash$ >> echo doing something evil!$ >> exit$ >> ^[[2Aecho doing something very nice!$ >> [cperry@...rry ~]$ >> >> Also, my terminal prompt jumped a line when doing the normal cat. >> >> Cliff Yes, there are several ways to go about this, but the point is that 'cat -A file' isn't something that people do in their day to day lives! I believe some adjustments to the script would make it not jump a line for other terminal emulators. ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ