gufw-developers team mailing list archive
Message #01857
Re: [Bug 1410839] Re: Shell Command injection in ufw_backend.py
Hi Bernd!

Yes, you are right. I tried subprocess a few years ago and I found something that was not working for what I need (I don't remember what). But I will try it again :) I will create another bug for that and I will give you feedback.

I can't upload that change because it'll be complicated to assure the current GUI stability, and for older versions I have to fix problems but I must not make improvements.

In other ways, this bug was epic. I learned a lot about (not web PHP) injection. I want to thank you for all the reports, tests and help!!! :) Really thank you!!

Best regards!!
--
You received this bug notification because you are a member of Gufw
Developers, which is subscribed to Gufw.
https://bugs.launchpad.net/bugs/1410839
Title:
Shell Command injection in ufw_backend.py
Status in Gufw:
Fix Released
Status in gui-ufw package in Ubuntu:
Confirmed
Bug description:
Firewall administrators can be tricked by someone to export a profile with Gufw to a specially crafted file or path name which contains shell code.

The reason is this line in ufw_backend.py:

    import commands  # Python 2 module; getstatusoutput() hands the string to /bin/sh
    def export_profile(self, profile, file):
        # profile and file are concatenated straight into the shell command line
        commands.getstatusoutput('cp /etc/gufw/' + profile + '.profile ' + file + ' ; chmod 777 ' + file)

The rename and delete functions are also unsafe if the profile name contains shell code, like semicolons.
To manage notifications about this bug go to:
https://bugs.launchpad.net/gui-ufw/+bug/1410839/+subscriptions
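The following is an added example, written for this archive page and not code from Gufw or from anyone in the thread. It rebuilds the concatenated command string from the bug description so the extra `;`-separated commands can be counted without running anything, and shows the subprocess-based replacement the reply talks about: an argument list with no `shell=True`, so a `;` in a destination name stays a literal character, plus a name check for the profile argument that the rename and delete functions would also need. The profile directory, the name pattern, the `--` guard and the 0o644 mode are assumptions of this example, not Gufw's choices (the report itself uses `chmod 777`).

```python
"""Added example: shell-free replacement for the export in ufw_backend.py."""
import os
import re
import subprocess
import tempfile

# Assumption of this example: profile names are plain identifiers. Anything
# else is rejected before it can be placed on a command line.
PROFILE_NAME_RE = re.compile(r"^[A-Za-z0-9_-]+$")


def build_unsafe_command(profile, path, profile_dir="/etc/gufw"):
    """Rebuild the string the vulnerable export_profile() gave to
    commands.getstatusoutput(), which runs it through /bin/sh.
    Returned for inspection only; this example never executes it."""
    return ("cp " + profile_dir + "/" + profile + ".profile " + path
            + " ; chmod 777 " + path)


def count_shell_commands(command):
    """Rough count of the separate commands a shell would run: one per ';'
    plus one. A legitimate export yields exactly two (cp and chmod); a
    crafted name raises the count, which is the injection the bug reports."""
    return command.count(";") + 1


def is_valid_profile_name(profile):
    """True only for plain identifiers (applies to export, rename and delete,
    since all of them build commands from the profile name)."""
    return bool(PROFILE_NAME_RE.match(profile))


def export_profile_safe(profile, dest_path, profile_dir="/etc/gufw", mode=0o644):
    """Copy <profile_dir>/<profile>.profile to dest_path without a shell.

    subprocess.run() with a list and no shell=True passes each string as one
    argv entry, so ';', '$(...)' or spaces in dest_path are just characters
    in a file name. '--' keeps cp from reading a name starting with '-' as
    an option. The permission change uses os.chmod instead of a second shell
    command; 0o644 is an assumption here (an exported profile only needs to
    be readable) in place of the report's world-writable 777.
    """
    if not is_valid_profile_name(profile):
        raise ValueError("invalid profile name: %r" % profile)
    src = os.path.join(profile_dir, profile + ".profile")
    subprocess.run(["cp", "--", src, dest_path], check=True)
    os.chmod(dest_path, mode)
    return dest_path


def demo():
    """Constructed scenario: a temporary profile directory and a destination
    name carrying a ';'. Returns (shell command count of the unsafe string,
    whether the safe export created a file with that literal name)."""
    with tempfile.TemporaryDirectory() as tmp:
        profile_dir = os.path.join(tmp, "gufw")
        os.mkdir(profile_dir)
        with open(os.path.join(profile_dir, "Home.profile"), "w") as fh:
            fh.write("# constructed sample profile\n")
        crafted = os.path.join(tmp, "export; echo injected.profile")
        unsafe = count_shell_commands(build_unsafe_command("Home", crafted, profile_dir))
        export_profile_safe("Home", crafted, profile_dir)
        return unsafe, os.path.isfile(crafted)


if __name__ == "__main__":
    print(demo())
```

Running the module prints `(4, True)`: the unsafe string for the crafted name would be split by the shell into four commands instead of two, while the list-based export copies the profile to a file whose name literally contains the semicolon. The same argument-list pattern (`["mv", "--", src, dst]`, `["rm", "--", path]`) covers the rename and delete paths mentioned in the report; in Python 3 `subprocess.getstatusoutput()` still goes through a shell, so it is not a fix on its own.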