Prevent ANSI terminal injection in aa-unconfined

/proc/$pid/cmdline can be changed by an application, therefore escape it before printing.

The program name in /proc/$pid/exe can also contain any characters (except \0 and slashes) and needs escaping.

Note: repr() wraps the string into single quotes, which we have to remove to avoid changing the output format.

The test program from issue 364 now gets displayed as

28443 /path/to/issue364 (/\x1b]0;X\x07) not confined

Fixes: #364 (closed)

I propose this patch for 2.13..master

Edited by Christian Boltz
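
The repr()-based escaping described above, as an added illustration that is not the code from this merge request; the function names and the sample cmdline bytes are constructed for the example.

```python
def escape_for_terminal(text: str) -> str:
    # repr() turns control characters such as ESC (0x1b) and BEL (0x07) into
    # printable \xNN escapes and doubles literal backslashes; [1:-1] drops the
    # quotes repr() puts around the string so the output format is unchanged.
    return repr(text)[1:-1]


def decode_cmdline(raw: bytes) -> str:
    # /proc/<pid>/cmdline holds the NUL-separated argv, which the process
    # itself can overwrite, so every byte is untrusted.
    args = raw.rstrip(b"\0").split(b"\0")
    # Invalid UTF-8 is kept visible as \xNN text instead of raising.
    return " ".join(a.decode("utf-8", errors="backslashreplace") for a in args)


def format_line(pid: int, exe: str, cmdline_raw: bytes, status: str) -> str:
    # Both the executable path and the command line are escaped before they
    # reach the terminal.
    return "%d %s (%s) %s" % (
        pid,
        escape_for_terminal(exe),
        escape_for_terminal(decode_cmdline(cmdline_raw)),
        status,
    )


# Constructed sample: argv[0] carries an OSC "set window title" sequence.
SAMPLE_CMDLINE = b"/\x1b]0;X\x07\0"

if __name__ == "__main__":
    print(format_line(28443, "/path/to/issue364", SAMPLE_CMDLINE, "not confined"))
```
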
