gufw-developers team mailing list archive

[Bug 1410839] Re: Shell Command injection in ufw_backend.py

 

The backup/restore could be a nice feature to have a way back if the user does something wrong.
If he presses restore (import) he could find the standard profiles, which Gufw had at first run, in the backup folder.
Gufw would be able to make automated backups, too.

I like the file browser with user rights too, not root rights; I said
that in my comment above ;-)

My environment:
I am using Ubuntu Mate 14.10, 32 bit, with kernel 3.16.0-24-generic

I made a (German) proof-of-concept video where you can see that the bug works on my machine.
https://www.youtube.com/watch?v=Kspdl_3TKG8

-- 
You received this bug notification because you are a member of Gufw
Developers, which is subscribed to Gufw.
https://bugs.launchpad.net/bugs/1410839

Title:
  Shell Command injection in ufw_backend.py

Status in Gufw:
  Fix Committed

Bug description:
  Firewall administrators can be tricked by someone into exporting a profile
  with Gufw to a specially crafted file or path name which contains shell
  code.

  The reason is this line in ufw_backend.py:

  import commands  # Python 2 module; getstatusoutput() runs the string through a shell

  def export_profile(self, profile, file):
      # both 'profile' and 'file' are concatenated into the command unquoted,
      # so a ';' in either one starts a second shell command
      commands.getstatusoutput('cp /etc/gufw/' + profile + '.profile ' + file + ' ; chmod 777 ' + file)

  The rename and delete functions are also unsafe if the profile name
  contains shell code, like semicolons.

To manage notifications about this bug go to:
https://bugs.launchpad.net/gui-ufw/+bug/1410839/+subscriptions
