[Bug 1857733] [NEW] MOTD "safe_print" prints control characters
Victor Engmark
victor.engmark at gmail.com
Fri Dec 27 23:40:06 UTC 2019
Public bug reported:
/etc/update-motd.d/50-motd-news contains a function called "safe_print".
Its documentation says it does not print control characters, but this is
false. If you look at the `tr` command it prints \012 (Device Control 2
aka. DC2 aka. ␒) and \015 (Negative Acknowledge aka. NAK aka. ␕) from
the source. I don't know why it would do that, or whether it could
possibly be a security issue, especially since it makes the code more
complex than it should be (`tr -d '\000-\011\013\014\016-\037'` vs `tr
-d '\000-\037'`). A quick `/etc/update-motd.d/50-motd-news --force |
grep $'\x12\|\x15'` returned exit code 1, so it's not part of the
current MOTD.
** Affects: base-files (Ubuntu)
Importance: Undecided
Status: New
https://bugs.launchpad.net/bugs/1857733
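
Added example (not part of the bug report or of 50-motd-news): a shell check of which control bytes each of the two `tr -d` sets quoted above lets through, plus a filter that lists the control bytes present in a command's output. The function names are made up for this example and the sample input is constructed; byte values are printed in octal, the notation `tr` uses.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample data is constructed.

# Emit each C0 control byte (octal 000-037) and DEL (octal 177) exactly once.
control_bytes() {
    i=0
    while [ "$i" -le 31 ]; do
        printf "\\$(printf '%03o' "$i")"
        i=$((i + 1))
    done
    printf '\177'
}

# Read bytes on stdin, print their distinct octal codes, sorted, space separated.
octal_list() {
    od -An -v -to1 | tr -s ' \n' '\n' | sed '/^$/d' | sort -u |
        tr '\n' ' ' | sed 's/ $//'
}

# Which control bytes survive `tr -d SET`?  $1 = SET in tr's octal syntax.
survivors() {
    control_bytes | LC_ALL=C tr -d "$1" | octal_list
}

# Which control bytes occur on stdin, ignoring those in the allow-list $1?
unexpected_controls() {
    LC_ALL=C tr -cd '\000-\037\177' | LC_ALL=C tr -d "$1" | octal_list
}

# The two sets quoted in the report. Octal 012 is byte 0x0A (line feed),
# octal 015 is byte 0x0D (carriage return), octal 177 is byte 0x7F (DEL).
echo "set from the script : $(survivors '\000-\011\013\014\016-\037')"
echo "simpler set         : $(survivors '\000-\037')"

# Constructed sample line carrying an escape sequence and a CR before the LF.
printf 'news\033[31m line\r\n' | unexpected_controls '\012'
echo
```

To audit the live script, pipe `/etc/update-motd.d/50-motd-news --force` into `unexpected_controls '\012'`; an empty result means the output contained no control bytes other than line feeds.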