top: provide the means to exploit a 256-color terminal
With the Qualys security audit, we began to harden our treatment of the top rcfile. In particular, the values read were checked so as to prevent some malicious user from editing it in order to achieve an evil objective. However when it came to colors I was surprised to find that at least one user edited the rcfile for 256-color support. Unfortunately, our new checks prevented this. So this commit will provide the means to exploit those extra colors with no need to manually edit the rcfile. Reference(s): https://gitlab.com/procps-ng/procps/issues/96 Signed-off-by: Jim Warner <james.warner@comcast.net>
This commit is contained in:
parent
fa96f3e5dc
commit
4d9e4ac4f6
21
top/top.c
21
top/top.c
@ -3293,10 +3293,11 @@ static const char *config_file (FILE *fp, const char *name, float *delay) {
|
|||||||
if (4 != fscanf(fp, "\tsummclr=%d, msgsclr=%d, headclr=%d, taskclr=%d\n"
|
if (4 != fscanf(fp, "\tsummclr=%d, msgsclr=%d, headclr=%d, taskclr=%d\n"
|
||||||
, &w->rc.summclr, &w->rc.msgsclr, &w->rc.headclr, &w->rc.taskclr))
|
, &w->rc.summclr, &w->rc.msgsclr, &w->rc.headclr, &w->rc.taskclr))
|
||||||
return p;
|
return p;
|
||||||
if (w->rc.summclr < 0 || w->rc.summclr > 7) return p;
|
// would prefer to use 'max_colors', but it isn't available yet...
|
||||||
if (w->rc.msgsclr < 0 || w->rc.msgsclr > 7) return p;
|
if (w->rc.summclr < 0 || w->rc.summclr > 255) return p;
|
||||||
if (w->rc.headclr < 0 || w->rc.headclr > 7) return p;
|
if (w->rc.msgsclr < 0 || w->rc.msgsclr > 255) return p;
|
||||||
if (w->rc.taskclr < 0 || w->rc.taskclr > 7) return p;
|
if (w->rc.headclr < 0 || w->rc.headclr > 255) return p;
|
||||||
|
if (w->rc.taskclr < 0 || w->rc.taskclr > 255) return p;
|
||||||
|
|
||||||
switch (Rc.id) {
|
switch (Rc.id) {
|
||||||
case 'a': // 3.2.8 (former procps)
|
case 'a': // 3.2.8 (former procps)
|
||||||
@ -3880,7 +3881,7 @@ signify_that:
|
|||||||
putp(Cap_home);
|
putp(Cap_home);
|
||||||
// this string is well above ISO C89's minimum requirements!
|
// this string is well above ISO C89's minimum requirements!
|
||||||
show_special(1, fmtmk(N_unq(COLOR_custom_fmt)
|
show_special(1, fmtmk(N_unq(COLOR_custom_fmt)
|
||||||
, PACKAGE_STRING, w->grpname
|
, w->grpname
|
||||||
, CHKw(w, View_NOBOLD) ? N_txt(ON_word_only_txt) : N_txt(OFF_one_word_txt)
|
, CHKw(w, View_NOBOLD) ? N_txt(ON_word_only_txt) : N_txt(OFF_one_word_txt)
|
||||||
, CHKw(w, Show_COLORS) ? N_txt(ON_word_only_txt) : N_txt(OFF_one_word_txt)
|
, CHKw(w, Show_COLORS) ? N_txt(ON_word_only_txt) : N_txt(OFF_one_word_txt)
|
||||||
, CHKw(w, Show_HIBOLD) ? N_txt(ON_word_only_txt) : N_txt(OFF_one_word_txt)
|
, CHKw(w, Show_HIBOLD) ? N_txt(ON_word_only_txt) : N_txt(OFF_one_word_txt)
|
||||||
@ -3918,6 +3919,16 @@ signify_that:
|
|||||||
clr = key - '0';
|
clr = key - '0';
|
||||||
*pclr = clr;
|
*pclr = clr;
|
||||||
break;
|
break;
|
||||||
|
case kbd_UP:
|
||||||
|
++clr;
|
||||||
|
if (clr >= max_colors) clr = 0;
|
||||||
|
*pclr = clr;
|
||||||
|
break;
|
||||||
|
case kbd_DOWN:
|
||||||
|
--clr;
|
||||||
|
if (clr < 0) clr = max_colors - 1;
|
||||||
|
*pclr = clr;
|
||||||
|
break;
|
||||||
case 'B':
|
case 'B':
|
||||||
TOGw(w, View_NOBOLD);
|
TOGw(w, View_NOBOLD);
|
||||||
break;
|
break;
|
||||||
|
@ -609,36 +609,11 @@ static void build_uniq_nlstab (void) {
|
|||||||
. this form and any translation could produce unpleasing results
|
. this form and any translation could produce unpleasing results
|
||||||
. that are unlikely to parallel the running top program.
|
. that are unlikely to parallel the running top program.
|
||||||
.
|
.
|
||||||
. If you decide to proceed with translation, do the following
|
. If you decide to proceed with translation, please take care
|
||||||
. lines only, taking care not to disturbe the tilde + number.
|
. to not disturb the spaces and the tilde + number delimiters.
|
||||||
.
|
|
||||||
. Simulated screen excerpt:
|
|
||||||
. --> " Tasks:~3 64 ~2total,~3 2 ~3running,~3 62
|
|
||||||
. --> " %%Cpu(s):~3 76.5 ~2user,~3 11.2 ~2system,~
|
|
||||||
. --> " ~1 Nasty Message! ~4 -or- ~1Input Prompt~5
|
|
||||||
.
|
|
||||||
. Other translatable text
|
|
||||||
. --> " available toggles: ~1B~2 =disable bold globa
|
|
||||||
. --> " ~1z~2 =color/mono (~1%s~2), ~1b~2 =tasks
|
|
||||||
.
|
|
||||||
. --> "1) Select ~1target~2 as upper case letter:\n"
|
|
||||||
. --> " S~2 = Summary Data,~1 M~2 = Messages/Prompt
|
|
||||||
. --> " H~2 = Column Heads,~1 T~2 = Task Informatio
|
|
||||||
. --> "2) Select ~1color~2 as number:\n"
|
|
||||||
. --> " 0~2 = black,~1 1~2 = red, ~1 2~2 = gree
|
|
||||||
. --> " 4~2 = blue, ~1 5~2 = magenta,~1 6~2 = cyan
|
|
||||||
. * --> "\n"
|
|
||||||
. --> "3) Then use these keys when finished:\n"
|
|
||||||
. --> " 'q' to abort changes to window '~1%s~2'\n"
|
|
||||||
. ** --> " 'a' or 'w' to commit & change another, <Ente
|
|
||||||
.
|
|
||||||
. Note:
|
|
||||||
. * maybe sacrifice the entire line (with the "\n") ...
|
|
||||||
. ** ... so <Enter> text potion could be on its own line
|
|
||||||
. */
|
. */
|
||||||
Uniq_nlstab[COLOR_custom_fmt] = _(""
|
Uniq_nlstab[COLOR_custom_fmt] = _(""
|
||||||
"Help for color mapping~2 - %s\n"
|
"Help for color mapping~2 - \"Current Window\" = ~1 %s ~6\n"
|
||||||
"current window: ~1%s~6\n"
|
|
||||||
"\n"
|
"\n"
|
||||||
" color - 04:25:44 up 8 days, 50 min, 7 users, load average:\n"
|
" color - 04:25:44 up 8 days, 50 min, 7 users, load average:\n"
|
||||||
" Tasks:~3 64 ~2total,~3 2 ~3running,~3 62 ~2sleeping,~3 0 ~2stopped,~3\n"
|
" Tasks:~3 64 ~2total,~3 2 ~3running,~3 62 ~2sleeping,~3 0 ~2stopped,~3\n"
|
||||||
@ -654,7 +629,8 @@ static void build_uniq_nlstab (void) {
|
|||||||
"1) Select a ~1target~2 as an upper case letter, ~1current target~2 is ~1 %c ~4:\n"
|
"1) Select a ~1target~2 as an upper case letter, ~1current target~2 is ~1 %c ~4:\n"
|
||||||
" S~2 = Summary Data,~1 M~2 = Messages/Prompts,\n"
|
" S~2 = Summary Data,~1 M~2 = Messages/Prompts,\n"
|
||||||
" H~2 = Column Heads,~1 T~2 = Task Information\n"
|
" H~2 = Column Heads,~1 T~2 = Task Information\n"
|
||||||
"2) Select a ~1color~2 as a number, ~1current color~2 is ~1 %d ~4:\n"
|
"2) Select a ~1color~2 as a number or use the up/down arrow keys\n"
|
||||||
|
" to raise/lower the 256 colors value, ~1current color~2 is ~1 %d ~4:\n"
|
||||||
" 0~2 = black,~1 1~2 = red, ~1 2~2 = green,~1 3~2 = yellow,\n"
|
" 0~2 = black,~1 1~2 = red, ~1 2~2 = green,~1 3~2 = yellow,\n"
|
||||||
" 4~2 = blue, ~1 5~2 = magenta,~1 6~2 = cyan, ~1 7~2 = white\n"
|
" 4~2 = blue, ~1 5~2 = magenta,~1 6~2 = cyan, ~1 7~2 = white\n"
|
||||||
"\n"
|
"\n"
|
||||||
|
Loading…
Reference in New Issue
Block a user