
desktop-packages team mailing list archive

[Bug 190628] Re: breakage and possible execution of unsafe code with shell metacharacters

 

system-tools-backends is no longer in main and has been deprecated. I am
going to leave this bug open for now, but unsubscribing ubuntu-security.

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to system-tools-backends in Ubuntu.
https://bugs.launchpad.net/bugs/190628

Title:
  breakage and possible execution of unsafe code with shell
  metacharacters

Status in system-tools-backends:
  Confirmed
Status in “system-tools-backends” package in Ubuntu:
  Confirmed

Bug description:
  Binary package hint: system-tools-backends

  The function Utils::File::run_backtick() (from
  '/usr/share/system-tools-backends-2.0/scripts/Utils/File.pm') accepts
  a single argument of a string which is later parsed into a command and
  arguments by splitting on blanks. This causes breakage whenever an
  argument itself contains blanks or other shell metacharacters and can
  even lead to the unintended execution of shellcode.

  A real-world example of breakage is when entering an SSID or
  encryption key containing blanks or other shell metacharacters via
  network-admin from gnome-system-tools. It is even insecure since
  unsafe shellcode could be injected by way of having an SSID such as
  "My SSID; rm -rf /".

To manage notifications about this bug go to:
https://bugs.launchpad.net/system-tools-backends/+bug/190628/+subscriptions
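
The two failure modes named in the bug description, next to the list-form invocation that avoids both, as an added example that is not part of the original report and is not the system-tools-backends code. The helper names run_split, run_shell and run_list are hypothetical, the SSID is a constructed harmless stand-in, and printf(1) is used only because it reports each argument it receives on its own line.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed, harmless stand-in for an attacker-chosen SSID.
my $ssid = 'My SSID; echo INJECTED';

# Mitigation: run a command given as a list. No shell is involved, so
# every list element reaches the program as exactly one argument.
sub run_list {
    my @argv = @_;
    open(my $fh, '-|', @argv) or die "cannot run $argv[0]: $!";
    my @out = <$fh>;
    close($fh);
    chomp @out;
    return @out;
}

# Hypothetical model of the reported pattern: one command string that is
# split on blanks, which loses the boundaries of the SSID argument.
sub run_split {
    my ($cmdline) = @_;
    return run_list(split ' ', $cmdline);
}

# Hypothetical model of the worst case: the same string is handed to
# /bin/sh, which treats ";" as a command separator.
sub run_shell {
    my ($cmdline) = @_;
    my @out = `$cmdline`;
    chomp @out;
    return @out;
}

# printf(1) format: one bracketed line per argument received.
my $fmt = '[%s]\n';

printf "%-17s %s\n", 'split on blanks:',
    join(' ', run_split("printf $fmt essid $ssid"));
printf "%-17s %s\n", 'through a shell:',
    join(' ', run_shell("printf '$fmt' essid $ssid"));
printf "%-17s %s\n", 'list form:',
    join(' ', run_list('printf', $fmt, 'essid', $ssid));
```

Only the list form delivers the SSID to the program as a single argument. The split variant breaks it into several words, and the shell variant runs the text after the semicolon as a second command.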