Comment 6 for bug 1520691
Revision history for this message
| Bernd Dietzel (l-ubuntuone1104) wrote | #6 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
73416ba
(Get the code!)
OK, i could verify that we have second bug, its in backend.py where subprocess is called.
This affects ALL scripts using the __subprocess_popen function.
hsibackend.py , lftpbackend.py , ncftpbackend.py , rsyncbackend.py , sxbackend.py , tahoebackend.py
Exploit demo :
===========
$ duplicity /tmp/ 'rsync: