gnome-shell in GNOME Shell 2.31.5 places a zero-length directory name in the LD_LIBRARY_PATH

Bug #930854 reported by Zubin Mithra
Affects               Status     Importance  Assigned to  Milestone
gnome-shell (Ubuntu)  Won't Fix  Undecided   Unassigned

Bug Description

gnome-shell in GNOME Shell 2.31.5 places a zero-length directory name in
the LD_LIBRARY_PATH, which allows local users to gain privileges via a
Trojan horse shared library in the current working directory.

The bug exists in src/gnome-shell.in in the following snippet.

import os
import re
import subprocess

# env is the environment dict the launcher builds for the child process.
pkgconfig = subprocess.Popen(['pkg-config', '--variable=sdkdir', 'mozilla-js'],
                             stdout=subprocess.PIPE)
mozjs_sdkdir = pkgconfig.communicate()[0].strip()
pkgconfig.wait()
if pkgconfig.returncode == 0:
    mozjs_libdir = re.sub('-(sdk|devel)', '', mozjs_sdkdir)
    if os.path.exists(mozjs_libdir + '/libmozjs.so'):
        # Unconditional ':' join: when LD_LIBRARY_PATH is unset the value starts
        # with an empty field, which the dynamic loader treats as the current directory.
        env['LD_LIBRARY_PATH'] = os.environ.get('LD_LIBRARY_PATH', '') + ':' + mozjs_libdir

If LD_LIBRARY_PATH is not set, you have the empty field in the LD_LIBRARY_PATH environment variable.


Zubin Mithra (zubin-mithra) wrote :

The patch for this would be as follows:

LD_LIBRARY_PATH = os.environ.get('LD_LIBRARY_PATH')
if LD_LIBRARY_PATH:
    # Existing value present: append the mozjs directory after it.
    env['LD_LIBRARY_PATH'] = os.environ.get('LD_LIBRARY_PATH', '') + ':' + mozjs_libdir
else:
    # Unset or empty: use the mozjs directory alone, so no empty field is created.
    env['LD_LIBRARY_PATH'] = mozjs_libdir
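To make the point of the description and of the patch above concrete, here is an added example (not code from gnome-shell or from the reporter) that shows how the unconditional join produces a leading empty field, how to detect empty fields in an LD_LIBRARY_PATH-style value, and how a join that drops empty fields avoids the problem. The directory paths used as input are constructed placeholders.

```python
import os


def search_fields(value):
    """Split an LD_LIBRARY_PATH-style value into its ':'-separated fields.

    An unset or empty variable contributes no search directories, so it
    yields no fields.  Inside a non-empty value, an empty field (leading,
    trailing or doubled ':') is interpreted by the dynamic loader as the
    current working directory.
    """
    if not value:
        return []
    return value.split(':')


def empty_field_positions(value):
    """Return the indices of empty fields, i.e. implicit '.' entries."""
    return [i for i, field in enumerate(search_fields(value)) if field == '']


def vulnerable_append(current, libdir):
    """Mirror of the reported gnome-shell.in logic: always joins with ':'."""
    return (current or '') + ':' + libdir


def safe_append(current, libdir):
    """Append libdir while discarding every empty field from the existing value."""
    kept = [field for field in (current or '').split(':') if field]
    kept.append(libdir)
    return ':'.join(kept)


def build_child_env(base_env, libdir):
    """Build the child environment the way the patched launcher should."""
    env = dict(base_env)
    env['LD_LIBRARY_PATH'] = safe_append(base_env.get('LD_LIBRARY_PATH'), libdir)
    return env


if __name__ == '__main__':
    # Constructed placeholder for the directory derived from pkg-config.
    mozjs_libdir = '/usr/lib/xulrunner-placeholder'

    # Unset LD_LIBRARY_PATH: the original join yields ':/usr/lib/...' with an
    # empty first field; the safe join yields the directory alone.
    print(vulnerable_append(None, mozjs_libdir), empty_field_positions(vulnerable_append(None, mozjs_libdir)))
    print(safe_append(None, mozjs_libdir), empty_field_positions(safe_append(None, mozjs_libdir)))

    # Audit the current process environment for the same defect.
    print('empty fields in this process:', empty_field_positions(os.environ.get('LD_LIBRARY_PATH')))
```

The audit call at the end is the check a packager would run against a launched process: any non-empty list means the loader will also search the current directory. `safe_append` also removes stray empty fields that were already present in the inherited value, which the reporter's patch alone does not do.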

Jeremy Bícha (jbicha) wrote :

This will most likely not be fixed for the same reason it wasn't fixed in Fedora 14. https://bugzilla.redhat.com/show_bug.cgi?id=644561

GNOME Shell in Maverick is an unsupported pre-release and the code now is dramatically different than it was in 2010. Ubuntu 10.10 will no longer be supported at all in April. If you want to run GNOME Shell, I highly recommend you use Ubuntu 11.10, the only Ubuntu release where GNOME Shell is currently supported.

Micah Gersten (micahg) wrote :

Patches welcome

Zubin Mithra (zubin-mithra) wrote :

For some reason I'm not able to build the source I get via apt-get source, so I'm attaching the patch instead of the debdiff. Please find attached a file which is to be patched against src/gnome-shell.in

Hope this helps, Cheers!

Jeremy Bícha (jbicha) wrote :

Thank you for reporting this bug to Ubuntu. Ubuntu 10.10 reached EOL on April 10, 2012.
Please see this document for currently supported Ubuntu releases:
https://wiki.ubuntu.com/Releases

Please feel free to report any other bugs you may find.

https://lists.ubuntu.com/archives/ubuntu-announce/2012-April/000158.html

Changed in gnome-shell (Ubuntu):
status: New → Won't Fix