group.of.nepali.translators team mailing list archive

Thread
Date

[Bug 1668744] Re: shell metacharacters mishandled

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Seth Arnold <1668744@xxxxxxxxxxxxxxxxxx>
Date: Tue, 24 Oct 2017 00:17:48 -0000
Reply-to: Bug 1668744 <1668744@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

I added trusty, xenial, and zesty tasks for this bug without verifying
which releases need work.

Thanks

** Also affects: firejail (Ubuntu Zesty)
   Importance: Undecided
       Status: New

** Also affects: firejail (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Also affects: firejail (Ubuntu Trusty)
   Importance: Undecided
       Status: New

** Changed in: firejail (Ubuntu)
       Status: Incomplete => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1668744

Title:
  shell metacharacters mishandled

Status in firejail package in Ubuntu:
  Fix Released
Status in firejail source package in Trusty:
  New
Status in firejail source package in Xenial:
  New
Status in firejail source package in Zesty:
  New

Bug description:
  I think this is a security bug, see what happens with backticks in a
  filename:

  $ touch testfile
  $ imv testfile
  > testfile `touch badness`
  $ firejail ls testfile*
  Reading profile /etc/firejail/generic.profile
  Reading profile /etc/firejail/disable-mgmt.inc
  Reading profile /etc/firejail/disable-secret.inc
  Reading profile /etc/firejail/disable-common.inc

  ** Note: you can use --noprofile to disable generic.profile **

  Parent pid 23142, child pid 23143

  Child process initialized
  ls: cannot access 'testfile ': No such file or directory

  parent is shutting down, bye...
  $ ls badness
  badness

  ProblemType: Bug
  DistroRelease: Ubuntu 16.04
  Package: firejail 0.9.38.10-0ubuntu0.16.04.1
  ProcVersionSignature: Ubuntu 4.4.0-64.85-generic 4.4.44
  Uname: Linux 4.4.0-64-generic x86_64
  ApportVersion: 2.20.1-0ubuntu2.5
  Architecture: amd64
  CurrentDesktop: LXDE
  Date: Tue Feb 28 22:09:38 2017
  Dependencies:
   gcc-6-base 6.0.1-0ubuntu1
   libc6 2.23-0ubuntu5
   libgcc1 1:6.0.1-0ubuntu1
  InstallationDate: Installed on 2010-11-27 (2285 days ago)
  InstallationMedia: Ubuntu 10.10 "Maverick Meerkat" - Release amd64 (20101007)
  SourcePackage: firejail
  UpgradeStatus: Upgraded to xenial on 2016-07-25 (218 days ago)
  modified.conffile..etc.firejail.firefox.profile: [modified]
  mtime.conffile..etc.firejail.firefox.profile: 2016-09-02T08:13:38.219464

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firejail/+bug/1668744/+subscriptions