[Secure-testing-team] Bug#504144: htop: Does not filter non-printable characters in process names

Josh Triplett josh at freedesktop.org
Sat Nov 1 01:23:31 UTC 2008


Package: htop
Version: 0.7-1
Severity: grave
Tags: security
Justification: user security hole

htop does not filter non-printable characters in process names.  Test
case:

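# Create a busy-loop script whose file name is ESC[2J ESC[H
# (clear screen, cursor home), make it executable, and run it.
echo -e '#!/bin/sh\nwhile :;do :;done' > $(echo -ne '\e[2J\e[H')
chmod a+x $(echo -ne '\e[2J\e[H')
./$(echo -ne '\e[2J\e[H')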

top changes the non-printable characters to question marks.  htop
prints them unchanged, and thus corrupts its own display.  More subtle
escape sequences could hide a process entirely, or do more malicious
things depending on the capabilities of the terminal displaying htop.

- Josh Triplett
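
The filtering the report attributes to top (non-printable characters become question marks), sketched as an added example; this is not code from htop, top, or the original message. The function names are hypothetical, and the sketch goes beyond the report by also passing valid UTF-8 through while rejecting C1 control characters (U+0080..U+009F), which some terminals interpret like escape sequences.

```c
#include <stddef.h>
#include <string.h>

/* Byte length of a printable UTF-8 character at s (n bytes available), or 0
 * for invalid/overlong forms, surrogates and C1 controls (U+0080..U+009F). */
static size_t utf8_printable_len(const unsigned char *s, size_t n)
{
    size_t len, i;
    unsigned long cp;

    if (s[0] >= 0xC2 && s[0] <= 0xDF)      { len = 2; cp = s[0] & 0x1F; }
    else if ((s[0] & 0xF0) == 0xE0)        { len = 3; cp = s[0] & 0x0F; }
    else if (s[0] >= 0xF0 && s[0] <= 0xF4) { len = 4; cp = s[0] & 0x07; }
    else return 0;
    if (len > n) return 0;
    for (i = 1; i < len; i++) {
        if ((s[i] & 0xC0) != 0x80) return 0;
        cp = (cp << 6) | (s[i] & 0x3F);
    }
    if (cp < 0xA0 || (len == 3 && cp < 0x800)) return 0;
    if (len == 4 && (cp < 0x10000 || cp > 0x10FFFF)) return 0;
    return (cp >= 0xD800 && cp <= 0xDFFF) ? 0 : len;
}

/* Copy name to out (NUL-terminated, at most outsz-1 bytes), writing '?' for
 * each control byte or byte outside printable UTF-8. Returns the '?' count. */
size_t sanitize_name(const char *name, size_t len, char *out, size_t outsz)
{
    const unsigned char *s = (const unsigned char *)name;
    size_t i = 0, o = 0, replaced = 0;

    if (outsz == 0) return 0;
    while (i < len) {
        size_t n = s[i] >= 0x80 ? utf8_printable_len(s + i, len - i) : 1;
        if (n == 0 || s[i] < 0x20 || s[i] == 0x7F) {
            n = 1;                       /* consume one bad byte as '?' */
            if (o + n >= outsz) break;
            out[o++] = '?';
            replaced++;
        } else {
            if (o + n >= outsz) break;   /* never split a character */
            memcpy(out + o, s + i, n);
            o += n;
        }
        i += n;
    }
    out[o] = '\0';
    return replaced;
}
```

Applied to the file name from the test case, the output is `?[2J?[H`: both ESC bytes are replaced, so the terminal never sees a control sequence.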




