
gufw-developers team mailing list archive

[Bug 1410839] Re: Shell Command injection in ufw_backend.py

 

As I wanted to test the patch, gufw did not start at all.
It seems to be because in my language there is no "Public.profile"; in German it is "Öffentlich.profile".

Here is the error message when I start gufw from a terminal:

Traceback (most recent call last):
  File "/usr/share/gufw/gufw/gufw.py", line 27, in <module>
    controler = Controller()
  File "/usr/share/gufw/gufw/controller.py", line 23, in __init__
    self.frontend = Frontend()
  File "/usr/share/gufw/gufw/model/frontend.py", line 23, in __init__
    self.firewall = Firewall()
  File "/usr/share/gufw/gufw/model/firewall.py", line 43, in __init__
    self._user_changed_language() # Rename profile files
  File "/usr/share/gufw/gufw/model/firewall.py", line 314, in _user_changed_language
    self.backend.rename_file_profile('Public', _("Public"))
  File "/usr/share/gufw/gufw/model/ufw_backend.py", line 270, in rename_file_profile
    os.rename(src, dst)
OSError: [Errno 2] Datei oder Verzeichnis nicht gefunden 


This OSError means "file not found" in German.
So I print the src and dst variables:

src = '/etc/gufw/Public.profile'
dst = '/etc/gufw/\xc3\x96ffentlich.profile'

As you can see, there are problems with the German letter "Ö" in the
profile name "Öffentlich.profile".

-- 
You received this bug notification because you are a member of Gufw
Developers, which is subscribed to Gufw.
https://bugs.launchpad.net/bugs/1410839

Title:
  Shell Command injection in ufw_backend.py

Status in Gufw:
  Fix Committed

Bug description:
  Firewall administrators can be tricked by someone into exporting a
  profile with Gufw to a specially crafted file or path name which
  contains shell code.

  The reason is this line in ufw_backend.py:

  def export_profile(self, profile, file):
      # profile and file are concatenated straight into one shell command line
      commands.getstatusoutput('cp /etc/gufw/' + profile + '.profile ' + file + ' ; chmod 777 ' + file)

  The rename and delete functions are also unsafe if the profile name
  contains shell code, like semicolons.

To manage notifications about this bug go to:
https://bugs.launchpad.net/gui-ufw/+bug/1410839/+subscriptions
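The two problems in this thread, the shell-string concatenation in export_profile() and the startup crash when a localized profile file is missing, can both be addressed without spawning a shell. The following is an added example written for this archive page; it is not Gufw's code and not the committed patch. The function names mirror the ones in the report, but the profile directory constant, the validation rules and the demo() helper with its constructed "Öffentlich.profile" file are assumptions of this example (Python 3).

```python
import os
import shutil
import tempfile

PROFILE_DIR = "/etc/gufw"  # assumed default; the report shows profiles living here


def validate_profile_name(name):
    """Accept a profile name only if it cannot escape the profile directory
    or carry shell syntax. Unicode letters are allowed, so a localized
    name such as 'Öffentlich' passes while 'Public; echo' or '../x' does not."""
    if not name or name in (".", ".."):
        raise ValueError("empty or reserved profile name")
    for ch in name:
        # letters/digits of any script, plus space, underscore and hyphen
        if ch.isalnum() or ch in " _-":
            continue
        raise ValueError("character %r not allowed in profile name" % ch)
    return name


def is_rejected(name):
    """True if validate_profile_name() refuses the name."""
    try:
        validate_profile_name(name)
    except ValueError:
        return True
    return False


def profile_path(profile, profile_dir=PROFILE_DIR):
    return os.path.join(profile_dir, validate_profile_name(profile) + ".profile")


def export_profile(profile, dest, profile_dir=PROFILE_DIR):
    """Safe replacement for the reported export_profile(): no shell is spawned,
    so neither the profile name nor the destination path can inject commands.
    If an external tool were still needed, subprocess.run(["cp", src, dest])
    with an argv list (never shell=True) gives the same guarantee."""
    src = profile_path(profile, profile_dir)
    shutil.copyfile(src, dest)
    # The original ran chmod 777; a firewall profile does not need to be
    # world-writable, so restrict it to the owner.
    os.chmod(dest, 0o600)
    return dest


def rename_file_profile(old, new, profile_dir=PROFILE_DIR):
    """Safe rename that also tolerates a missing source file, the situation
    behind the OSError traceback in the thread. Returns True if a rename
    happened, False if there was nothing to rename."""
    src = profile_path(old, profile_dir)
    dst = profile_path(new, profile_dir)
    if not os.path.exists(src):
        return False
    os.rename(src, dst)
    return True


def demo():
    """Exercise the helpers on a constructed, throw-away profile directory."""
    d = tempfile.mkdtemp()
    with open(os.path.join(d, "Öffentlich.profile"), "w", encoding="utf-8") as f:
        f.write("[Öffentlich]\nstatus=enabled\n")  # constructed sample content
    exported = export_profile("Öffentlich", os.path.join(d, "export.profile"), d)
    with open(exported, encoding="utf-8") as f:
        content = f.read()
    renamed = rename_file_profile("Öffentlich", "Public", d)
    renamed_again = rename_file_profile("Öffentlich", "Public", d)  # source is gone now
    shutil.rmtree(d)
    return {
        "exported_content": content,
        "first_rename": renamed,
        "second_rename": renamed_again,
        "semicolon_rejected": is_rejected("Public; echo"),
        "traversal_rejected": is_rejected("../shadow"),
        "umlaut_accepted": not is_rejected("Öffentlich"),
    }


if __name__ == "__main__":
    print(demo())
```

The point of the validation is that it rejects what the report identifies as dangerous (semicolons, path separators) while still accepting the localized German name that caused the startup failure; the missing-file case then returns False instead of raising, so a rename of a profile that was never created does not take the whole application down.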

