Terminal escape sequences – the new XSS for Linux sysadmins

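The article shows how to craft a script that displays one thing when printed with cat but runs different code when executed. The trick is the \033[2A escape sequence, which moves the terminal cursor up two lines, so the text that follows is drawn over the line containing the real command: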

$ printf '#!/bin/bash\necho doing something evil!\nexit\n\033[2Aecho doing something very nice!\n' > backdoor.sh

$ chmod +x backdoor.sh

$ cat backdoor.sh
#!/bin/bash
echo doing something very nice!

$ ./backdoor.sh
doing something evil!
Henning Koch
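
A defensive check for the trick shown above, as an added example that is not part of the original article: count the control bytes in a file and, if there are any, display it with them rendered visibly instead of letting the terminal interpret them. The function names are hypothetical, and cat -v is assumed to be available (it is in GNU and BSD cat).

```shell
#!/bin/sh
# Added example (not from the article): look for control bytes before
# trusting what cat shows for a script.

# Print the number of bytes in file $1 that are control characters other
# than tab and newline (ESC, CR, backspace, NUL, DEL, ...).
count_control_bytes() {
    # Delete tab, newline, printable ASCII and high (UTF-8) bytes; what is
    # left are the control bytes. LC_ALL=C makes tr work on raw bytes.
    LC_ALL=C tr -d '\t\n\040-\176\200-\377' < "$1" | wc -c | tr -d ' '
}

# Show file $1 for review. A clean file is printed as is (status 0). A file
# with control bytes is printed through cat -v, which renders ESC as ^[ so
# the terminal cannot interpret it, and the function returns 1.
inspect_script() {
    n=$(count_control_bytes "$1")
    if [ "$n" -eq 0 ]; then
        cat "$1"
        return 0
    fi
    echo "warning: $1 contains $n control byte(s); showing them escaped" >&2
    cat -v "$1"
    return 1
}

# Demo on the article's sample, rebuilt in a temporary directory.
demo() {
    dir=$(mktemp -d) || return 1
    printf '#!/bin/bash\necho doing something evil!\nexit\n\033[2Aecho doing something very nice!\n' > "$dir/backdoor.sh"
    inspect_script "$dir/backdoor.sh"
    status=$?
    rm -rf "$dir"
    return "$status"
}

demo || echo "control bytes found (expected for this sample)"
```

Files with Windows line endings are also flagged, because a carriage return is itself a control byte that can overwrite what the terminal shows.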