Nico Golde wrote: htop doesn't filter non printable characters in process names which enables processes doing evil things with the display using escape sequences.
Found this: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5076
The patch (see $URL): diff -r d816b3b76b28 RichString.c --- a/RichString.c Sat Nov 15 04:42:09 2008 +0200 +++ b/RichString.c Sat Nov 15 05:09:32 2008 +0200 @@ -29,7 +29,7 @@ inline void RichString_appendn(RichString* this, int attrs, char* data, int len) { int last = MIN(RICHSTRING_MAXLEN - 1, len + this->len); for (int i = this->len, j = 0; i < last; i++, j++) - this->chstr[i] = data[j] | attrs; + this->chstr[i] = ((data[j] > 31) ? data[j] : '?' ) | attrs; this->chstr[last] = 0; this->len = last; }
CVE-2008-5076 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5076): htop 0.7 writes process names to a terminal without sanitizing non-printable characters, which might allow local users to hide processes, modify arbitrary files, or have unspecified other impact via a process name with "crazy control strings."
ping, please bump.
Fixed in 0.8.1-r1. I'm giving up maintainership of htop, so I'm un-Cc'ing myself now.
Arches, please test and mark stable: =sys-process/htop-0.8.1-r1 Target keywords : "amd64 arm hppa ia64 ppc ppc64 sparc x86"
*** Bug 246309 has been marked as a duplicate of this bug. ***
amd64/x86 stable
arm/ia64/sparc stable
Samuli and I are the new htop maintainers.
ppc stable
Stable for HPPA.
ppc64 done
Vulnerable versions removed from tree.
time for GLSA decision, I tend to vote NO.
(In reply to comment #15) > time for GLSA decision, I tend to vote NO. NO as well, closing. Feel free to reopen if you disagree.
