Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 17 Sep 2015 12:33:28 -0430
From: Manuel Gómez <>
Subject: Re: s/party/hack like it's 1999

On Thu, Sep 17, 2015 at 11:33 AM,  <> wrote:
> Federico Bento <>
> […]
> As you can see, our beloved 'cat' cheated on us. Why?
> Because instead of displaying the character-sequence, the escape sequence
> \033[XA (being X the number of times) performed some action.
> And this action moves the cursor up X times, overwriting what is above it X
> lines.
> But this doesn't affect only 'cat', it affects everything that interprets
> escape sequences.
> [… examples with head, tail, more, curl, wget …]
> 'diff' also interprets escape sequences and so do the resulting patches
> [… examples with diff …]
> Hint:
> 'less' doesn't interpret escape sequences unless the -r switch is used,
> so stop aliasing it to 'less -r' just because there's no colored output.

Not a single one of those programs does anything to its input that
ought to be considered any form of interpretation in the sense you
imply.  They simply produce outputs that correspond to their inputs.
If that output is later presented to a terminal emulator, *then* some
characters happen to produce effects that go beyond simply displaying
them as glyphs on a screen, one by one.

There is absolutely nothing wrong with `head`, `tail`, `more`, `curl`,
`wget` or `diff`.  They are not meant to “interpret” anything of the
sort that is being addressed, and indeed they do not.  `less` *does*
have special processing rules active by default for input sequences
that would cause terminals to do anything special; indeed, the default
behaviour of `less`, without the `-r` option, is the only mentioned
behaviour that may be considered a form of interpretation.

> It's no secret, most of us rely on 'cat' to view files. I guess this is one
> black kitty, giving you bad luck.

Perhaps “most of us” should use `view` to view files.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.