breakage and possible execution of unsafe code with shell metacharacters
Bug #190628 reported by
James Michael Fultz
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| system-tools-backends |
Confirmed
|
Undecided
|
Unassigned | ||
| system-tools-backends (Ubuntu) |
Confirmed
|
Low
|
Unassigned | ||
Bug Description
Binary package hint: system-
The function Utils::
A real-world example of breakage is when entering an SSID or encryption key containing blanks or other shell metacharacters via network-admin from gnome-system-tools. It is even unsecure since unsafe shellcode could be injected by way having an SSID such as "My SSID; rm -rf /".
Revision history for this message
| Jamie Strandboge (jdstrand) wrote | #1 |
| Changed in system-tools-backends: | |
| status: | New → Confirmed |
Revision history for this message
| Jamie Strandboge (jdstrand) wrote | #2 |
| Changed in system-tools-backends: | |
| importance: | Undecided → Low |
Revision history for this message
| Milan Bouchet-Valat (nalimilan) wrote | #3 |
| Changed in system-tools-backends: | |
| status: | New → Fix Released |
Revision history for this message
| Milan Bouchet-Valat (nalimilan) wrote | #4 |
| Changed in system-tools-backends: | |
| status: | Fix Released → Confirmed |
Revision history for this message
| Jamie Strandboge (jdstrand) wrote | #5 |
To post a comment you must log in.
Network/Ifaces.pm contains:
# FIXME: not good to pass directly keys to processes,
# probably the network one won't be so important
# to keep secret to other users.
$output = &Utils:
Confirmed $key and $essid are user controllable. Checked other occurrences of run_backtick(), and arguments are not user controllable. Users/Groups.pm doesn't do checking either, blackbox testing indicates the front-end does.