1;2c after using cat or more on binary files
I noticed that if you use the hex 05 in a file and cat or more the file you can get bash to say 1;2c.
oxagast@likon ~/code $ cat fmore
^[[?1;2coxagast@likon ~/code $ 1;2c
bash: 1: command not found
bash: 2c: command not found
oxagast@likon ~/code $ hexdump fmore
0000000 0005
0000001
oxagast@likon ~/code $
I was just interested in why it does this and if it's a security bug, considering most people, when using more, will press the return key until the file's over, so you could craft a file that looks normal and wait until they get to the end and if an executable file 1 or 2c is in the path (or if you could possibly change what those values are) it would execute them once it drops back to bash. The fmore file does not have to be set to executable or anything.
It's in the way non-printing or control characters and escape sequences are interpreted. Abusing that can still fool some applications or log parsers, so using precautions, something like 'noexec less -dRUX /path/logfilename' or 'cat -v /path/filename|col -x' or using 'strings -an1|less' to read things, makes sense if you think you're onto something. Dropping files in (the '.' portion of the) $PATH is an ancient trick to make people execute things. Abusing it AFAIK hinges on having the required access rights to drop files in path items (meaning that if root does that you've got problems of a different magnitude) and sane path settings (e.g. the root account shouldn't have or need '.' in its path and certainly not as the first item or risk asking for trouble).
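A pre-view check in the spirit of the 'cat -v' advice above, as an added example that is not part of the original thread: it lists which control bytes a file contains and only sends the file raw to the terminal when there are none. The function names ctrl_bytes and safe_cat are hypothetical, and bytes above 0x7e (UTF-8 text included) are flagged as well.

```shell
#!/bin/sh
# Added example, not from the thread. ctrl_bytes and safe_cat are
# hypothetical helper names.

# Print the distinct byte values (hex, space separated) in file $1 that are
# neither printable ASCII nor tab/newline/CR. Empty output means "clean".
ctrl_bytes() {
    [ -r "$1" ] || return 2
    # LC_ALL=C makes tr operate on raw bytes, not locale characters.
    LC_ALL=C tr -d '\11\12\15\40-\176' < "$1" \
        | od -An -v -tx1 \
        | tr -s ' \n' '\n\n' \
        | grep . \
        | LC_ALL=C sort -u \
        | paste -sd' ' -
}

# Show file $1. If it holds control bytes (0x05 ENQ, 0x1b ESC, ...), render
# them in caret notation with cat -v so the terminal never interprets them
# and cannot answer back into the shell's input.
safe_cat() {
    [ -r "$1" ] || { echo "safe_cat: cannot read $1" >&2; return 2; }
    found=$(ctrl_bytes "$1")
    if [ -z "$found" ]; then
        cat -- "$1"
    else
        echo "safe_cat: $1 contains byte(s) $found; using cat -v" >&2
        cat -v -- "$1"
    fi
}
```

With the one-byte fmore file from the question, safe_cat prints ^E and the terminal sends nothing back to bash.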
http://www.linuxquestions.org/questions/linux-security-4/1%3B2c-after-using-cat-or-more-on-binary-files-771934/
Original: http://www.cnblogs.com/softidea/p/4870689.html