kernel-packages team mailing list archive

Thread
Date
[Bug 1550676] Re: analyze_suspend.py may allow shell code injection

To: kernel-packages@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1550676@xxxxxxxxxxxxxxxxxx>
Date: Thu, 16 Jun 2016 04:17:53 -0000
Reply-to: Bug 1550676 <1550676@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
[Expired for linux (Ubuntu) because there has been no activity for 60
days.]

** Changed in: linux (Ubuntu)
       Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1550676

Title:
  analyze_suspend.py may allow shell code injection

Status in linux package in Ubuntu:
  Expired

Bug description:
  File :
  /usr/src/linux-headers-4.4.0-7/scripts/analyze_suspend.py

  The file "analyze_suspend.py" uses depreached and insecure python calls like os.popen and os.system.
  This may lead to unwanted code execution. 

  For example when the script does a walk through /sys/devices , 
  it could be possible that shell code in the "dirname" of the device will be executed by a shell , 
  e.g. with a special crafted ( loop ? ) device with the name "/sys/devices/...some path.../;shell command here;/.../usb9/" and puts  2 files 'idVendor' and  'idProduct' into that folder.  

  So, please replace all the the os calls with subprocess.

  ---------------

  Line : 2829-2842

  def setUSBDevicesAuto():
  	global sysvals

  	rootCheck()
  	for dirname, dirnames, filenames in os.walk('/sys/devices'):
  		if(re.match('.*/usb[0-9]*.*', dirname) and
  			'idVendor' in filenames and 'idProduct' in filenames):
  			os.system('echo auto > %s/power/control' % dirname)
  			name = dirname.split('/')[-1]
  			desc = os.popen('cat %s/product 2>/dev/null' % \
  				dirname).read().replace('\n', '')
  			ctrl = os.popen('cat %s/power/control 2>/dev/null' % \
  				dirname).read().replace('\n', '')
  			print('control is %s for %6s: %s' % (ctrl, name, desc))

  ProblemType: Bug
  DistroRelease: Ubuntu 16.04
  Package: linux-headers-4.4.0-7 4.4.0-7.22
  ProcVersionSignature: Ubuntu 4.4.0-7.22-generic 4.4.2
  Uname: Linux 4.4.0-7-generic x86_64
  ApportVersion: 2.20-0ubuntu3
  Architecture: amd64
  AudioDevicesInUse:
   USER        PID ACCESS COMMAND
   /dev/snd/controlC0:  theregrunner   1929 F.... pulseaudio
   /dev/snd/controlC1:  theregrunner   1929 F.... pulseaudio
  CurrentDesktop: Unity
  Date: Sat Feb 27 09:03:53 2016
  HibernationDevice: RESUME=UUID=fcbb15dc-294e-4d63-8dd4-7df9864e02c2
  InstallationDate: Installed on 2016-02-22 (4 days ago)
  InstallationMedia: Ubuntu 16.04 LTS "Xenial Xerus" - Alpha amd64 (20160219)
  IwConfig:
   enp5s0    no wireless extensions.
   
   lo        no wireless extensions.
  PackageArchitecture: all
  ProcFB: 0 nouveaufb
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-7-generic root=UUID=9879fcc8-079a-4975-82d8-d3aff297191d ro quiet splash vt.handoff=7
  RelatedPackageVersions:
   linux-restricted-modules-4.4.0-7-generic N/A
   linux-backports-modules-4.4.0-7-generic  N/A
   linux-firmware                           1.156
  RfKill:
   
  SourcePackage: linux
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 11/05/2009
  dmi.bios.vendor: American Megatrends Inc.
  dmi.bios.version: 080015
  dmi.board.name: GeForce 8000 series
  dmi.board.version: 1.0
  dmi.chassis.type: 3
  dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvr080015:bd11/05/2009:svn:pnGeForce8000series:pvr1.0:rvn:rnGeForce8000series:rvr1.0:cvn:ct3:cvr:
  dmi.product.name: GeForce 8000 series
  dmi.product.version: 1.0

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1550676/+subscriptions