breakage and possible execution of unsafe code with shell metacharacters
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
system-tools-backends |
Confirmed
|
Undecided
|
Unassigned | ||
system-tools-backends (Ubuntu) |
Confirmed
|
Low
|
Unassigned |
Bug Description
Binary package hint: system-
The function Utils::
A real-world example of breakage is when entering an SSID or encryption key containing blanks or other shell metacharacters via network-admin from gnome-system-tools. It is even unsecure since unsafe shellcode could be injected by way having an SSID such as "My SSID; rm -rf /".
Network/Ifaces.pm contains:
# FIXME: not good to pass directly keys to processes, :File:: run_backtick ("wpa_passphrase $essid $key");
# probably the network one won't be so important
# to keep secret to other users.
$output = &Utils:
Confirmed $key and $essid are user controllable. Checked other occurrences of run_backtick(), and arguments are not user controllable. Users/Groups.pm doesn't do checking either, blackbox testing indicates the front-end does.