Date: Thu, 12 Jul 2012 02:31:03 GMT From: Arnaud Lacombe <lacombar@gmail.com> To: freebsd-gnats-submit@FreeBSD.org Subject: misc/169796: kenv(1) output is unreadable Message-ID: <201207120231.q6C2V34N000106@red.freebsd.org> Resent-Message-ID: <201207120240.q6C2e0vQ023286@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 169796 >Category: misc >Synopsis: kenv(1) output is unreadable >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Thu Jul 12 02:40:00 UTC 2012 >Closed-Date: >Last-Modified: >Originator: Arnaud Lacombe >Release: many. >Organization: n/a >Environment: FreeBSD coltar 9.0-STABLE FreeBSD 9.0-STABLE >Description: Output of kenv(1) is not escaped to be safely usable on terminals. Depending their content, variable value might end up being interpreted as terminal command. On 9.0-stable, we ends up having the following being output: LINES="24" ansi_caption[1]="ESC[1mBESC[37moot ESC[1m[ENTER]ESC[37m" ansi_caption[2]="ESC[1mEscESC[37mape to loader prompt" ansi_caption[4]="ESC[1mAESC[37mCPI Support: ESC[34;1mDisabledESC[37m" ansi_caption[5]="Boot Safe ESC[1mMESC[37mode: ESC[34;1mNOESC[37m" ansi_caption[6]="Boot ESC[1mSESC[37mingle User: ESC[34;1mNOESC[37m" ansi_caption[7]="Boot ESC[1mVESC[37merbose: ESC[34;1mNOESC[37m" bootfile="kernel" comconsole_speed="115200" console="comconsole" currdev="disk0p2:" Of course, ESC are not escaped and result in kenv(1)'s being unreadable. >How-To-Repeat: # kenv >Fix: escape variable content not to be interpreted as terminal command. >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201207120231.q6C2V34N000106>