diff options
| author | Paul Eggert <eggert@cs.ucla.edu> | 2022-05-30 17:03:26 -0700 |
|---|---|---|
| committer | Paul Eggert <eggert@cs.ucla.edu> | 2022-05-31 18:13:34 -0700 |
| commit | 5e3d207d5b7dba28ca248475188a029570766bc1 (patch) | |
| tree | 14a7ea29fb12a13d2858208f537de73053f8aff8 /NEWS | |
| parent | d92292704950c9b937dc9de54d5eecd822dfc20f (diff) | |
| download | grep-5e3d207d5b7dba28ca248475188a029570766bc1.tar.gz | |
grep: sanity-check GREP_COLOR
This patch closes a longstanding security issue with GREP_COLOR that I
just noticed, where if the attacker has control over GREP_COLOR's
settings the attacker can trash the victim's terminal or have 'grep'
generate misleading output. For example, without the patch
the shell command:
GREP_COLOR="$(printf '31m\33[2J\33[31')" grep --color=always PATTERN
mucks with the screen, leaving behind only the trailing part of
the last matching line. With the patch, this GREP_COLOR is ignored.
* src/grep.c (main): Sanity-check GREP_COLOR contents the same way
GREP_COLORS values are checked, to not trash the user's terminal.
This follows up the recent fix to Bug#55641.
Diffstat (limited to 'NEWS')
| -rw-r--r-- | NEWS | 2 |
1 files changed, 2 insertions, 0 deletions
@@ -14,6 +14,8 @@ GNU grep NEWS -*- outline -*- The confusing GREP_COLOR environment variable is now obsolescent. Instead of GREP_COLOR='xxx', use GREP_COLORS='mt=xxx'. grep now warns if GREP_COLOR is used and is not overridden by GREP_COLORS. + Also, grep now treates GREP_COLOR like GREP_COLORS by silently + ignoring it if it attempts to inject ANSI terminal escapes. Regular expressions with stray backslashes now cause warnings, as their unspecified behavior can lead to unexpected results. |