kernel-packages team mailing list archive
-
kernel-packages team
-
Mailing list archive
-
Message #171930
[Bug 1550676] Re: analyze_suspend.py may allow shell code injection
** Attachment removed: "WifiSyslog.txt"
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1550676/+attachment/4582509/+files/WifiSyslog.txt
** Attachment removed: "UdevDb.txt"
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1550676/+attachment/4582508/+files/UdevDb.txt
** Attachment removed: "Lsusb.txt"
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1550676/+attachment/4582502/+files/Lsusb.txt
** Attachment removed: "CurrentDmesg.txt"
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1550676/+attachment/4582498/+files/CurrentDmesg.txt
** Attachment removed: "AlsaInfo.txt"
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1550676/+attachment/4582496/+files/AlsaInfo.txt
** Attachment removed: "PulseList.txt"
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1550676/+attachment/4582507/+files/PulseList.txt
** Attachment removed: "ProcModules.txt"
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1550676/+attachment/4582506/+files/ProcModules.txt
** Attachment removed: "ProcInterrupts.txt"
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1550676/+attachment/4582505/+files/ProcInterrupts.txt
** Attachment removed: "CRDA.txt"
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1550676/+attachment/4582497/+files/CRDA.txt
** Attachment removed: "Dependencies.txt"
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1550676/+attachment/4582499/+files/Dependencies.txt
** Attachment removed: "ProcEnviron.txt"
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1550676/+attachment/4582504/+files/ProcEnviron.txt
** Attachment removed: "ProcCpuinfo.txt"
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1550676/+attachment/4582503/+files/ProcCpuinfo.txt
** Attachment removed: "Lspci.txt"
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1550676/+attachment/4582501/+files/Lspci.txt
** Attachment removed: "JournalErrors.txt"
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1550676/+attachment/4582500/+files/JournalErrors.txt
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1550676
Title:
analyze_suspend.py may allow shell code injection
Status in linux package in Ubuntu:
Incomplete
Bug description:
File :
/usr/src/linux-headers-4.4.0-7/scripts/analyze_suspend.py
The file "analyze_suspend.py" uses depreached and insecure python calls like os.popen and os.system.
This may lead to unwanted code execution.
For example when the script does a walk through /sys/devices ,
it could be possible that shell code in the "dirname" of the device will be executed by a shell ,
e.g. with a special crafted ( loop ? ) device with the name "/sys/devices/...some path.../;shell command here;/.../usb9/" and puts 2 files 'idVendor' and 'idProduct' into that folder.
So, please replace all the the os calls with subprocess.
---------------
Line : 2829-2842
def setUSBDevicesAuto():
global sysvals
rootCheck()
for dirname, dirnames, filenames in os.walk('/sys/devices'):
if(re.match('.*/usb[0-9]*.*', dirname) and
'idVendor' in filenames and 'idProduct' in filenames):
os.system('echo auto > %s/power/control' % dirname)
name = dirname.split('/')[-1]
desc = os.popen('cat %s/product 2>/dev/null' % \
dirname).read().replace('\n', '')
ctrl = os.popen('cat %s/power/control 2>/dev/null' % \
dirname).read().replace('\n', '')
print('control is %s for %6s: %s' % (ctrl, name, desc))
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: linux-headers-4.4.0-7 4.4.0-7.22
ProcVersionSignature: Ubuntu 4.4.0-7.22-generic 4.4.2
Uname: Linux 4.4.0-7-generic x86_64
ApportVersion: 2.20-0ubuntu3
Architecture: amd64
AudioDevicesInUse:
USER PID ACCESS COMMAND
/dev/snd/controlC0: theregrunner 1929 F.... pulseaudio
/dev/snd/controlC1: theregrunner 1929 F.... pulseaudio
CurrentDesktop: Unity
Date: Sat Feb 27 09:03:53 2016
HibernationDevice: RESUME=UUID=fcbb15dc-294e-4d63-8dd4-7df9864e02c2
InstallationDate: Installed on 2016-02-22 (4 days ago)
InstallationMedia: Ubuntu 16.04 LTS "Xenial Xerus" - Alpha amd64 (20160219)
IwConfig:
enp5s0 no wireless extensions.
lo no wireless extensions.
PackageArchitecture: all
ProcFB: 0 nouveaufb
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-7-generic root=UUID=9879fcc8-079a-4975-82d8-d3aff297191d ro quiet splash vt.handoff=7
RelatedPackageVersions:
linux-restricted-modules-4.4.0-7-generic N/A
linux-backports-modules-4.4.0-7-generic N/A
linux-firmware 1.156
RfKill:
SourcePackage: linux
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 11/05/2009
dmi.bios.vendor: American Megatrends Inc.
dmi.bios.version: 080015
dmi.board.name: GeForce 8000 series
dmi.board.version: 1.0
dmi.chassis.type: 3
dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvr080015:bd11/05/2009:svn:pnGeForce8000series:pvr1.0:rvn:rnGeForce8000series:rvr1.0:cvn:ct3:cvr:
dmi.product.name: GeForce 8000 series
dmi.product.version: 1.0
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1550676/+subscriptions