>Number: 169796 >Category: misc >Synopsis: kenv(1) output is unreadable >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Thu Jul 12 02:40:00 UTC 2012 >Closed-Date: >Last-Modified: >Originator: Arnaud Lacombe >Release: many. >Organization: n/a >Environment: FreeBSD coltar 9.0-STABLE FreeBSD 9.0-STABLE >Description: Output of kenv(1) is not escaped to be safely usable on terminals. Depending their content, variable value might end up being interpreted as terminal command. On 9.0-stable, we ends up having the following being output:
LINES="24" ansi_caption[1]="ESC[1mBESC[37moot ESC[1m[ENTER]ESC[37m" ansi_caption[2]="ESC[1mEscESC[37mape to loader prompt" ansi_caption[4]="ESC[1mAESC[37mCPI Support: ESC[34;1mDisabledESC[37m" ansi_caption[5]="Boot Safe ESC[1mMESC[37mode: ESC[34;1mNOESC[37m" ansi_caption[6]="Boot ESC[1mSESC[37mingle User: ESC[34;1mNOESC[37m" ansi_caption[7]="Boot ESC[1mVESC[37merbose: ESC[34;1mNOESC[37m" bootfile="kernel" comconsole_speed="115200" console="comconsole" currdev="disk0p2:" Of course, ESC are not escaped and result in kenv(1)'s being unreadable. >How-To-Repeat: # kenv >Fix: escape variable content not to be interpreted as terminal command. >Release-Note: >Audit-Trail: >Unformatted: _______________________________________________ freebsd-bugs@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-bugs To unsubscribe, send any mail to "freebsd-bugs-unsubscr...@freebsd.org"
