It is not necessary to call an external binary to clear the screen of a default
unix terminal emulator. The external call using system("clear") may be used by
an attacker to get untrusted code called with a higher privilege because
batctl has to be run using uid 0.

Reported-by: Antonio Quartulli <or...@autistici.org>
Signed-off-by: Sven Eckelmann <s...@narfation.org>
---
Add comment

 functions.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/functions.c b/functions.c
index c78e408..e095fd0 100644
--- a/functions.c
+++ b/functions.c
@@ -184,7 +184,8 @@ open:
        }
 
        if (read_opt & CLR_CONT_READ)
-               system("clear");
+               /* clear screen, set cursor back to 0,0 */
+               printf("\033[2J\033[0;0f");
 
 read:
        while (getline(&line_ptr, &len, fp) != -1) {
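Review bot: the printf() under `if (read_opt & CLR_CONT_READ)` writes a hard-coded escape sequence to stdout whether or not stdout is a terminal, so redirected or piped output will contain the raw control bytes. Consider guarding the call with isatty(STDOUT_FILENO). The buffered sequence is also not flushed explicitly and only reaches the terminal when later output flushes stdout; an fflush(stdout) after the printf() would make the clear take effect before the read loop starts. Minor: cursor coordinates are 1-based, so `\033[0;0f` relies on the terminal treating 0 as 1; `\033[H` is the more conventional way to home the cursor. Since the new comment makes the `if` body span two lines, braces around it would keep a later edit from accidentally detaching the statement from the condition.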
-- 
1.7.10.4
