Hello,

In contrib/scripts/linki.py

 95 def czyjest ():
 96     if os.path.exists('/tmp/rmrmg_ekg_url'):
 97         wejsc= open ('/tmp/rmrmg_ekg_url')
 98         file = wejsc.readlines()
 99         dlug=len(file)
100         wejsc.close()
101         #ekg.printf("generic", "liczność %d" %(dlug))
102         return file
103     else:
104         return 0

Then :

35 def handle_keypress(meta, key):
36     if key == 269:
37         ekg.printf("generic", "wciśnieto F5")
38         nurl=czyjest()
39         if nurl == 0:
40             ekg.printf("generic", "nie ma zadnego adresu URL")
41         else:
42             dlug=len(nurl)
43             if dlug == 1:
44                 ekg.printf("generic", "otwieram %s w nowej zakładce" %(nurl[0]))
45                 os.system("MozillaFirebird -remote 'openURL(%s, new-tab)'" %(nurl[0]))
46                 os.system('rm /tmp/rmrmg_ekg_url')
47             else:
48                 ekg.printf("generic", "linków mam %d" %(dlug))
49                 wielejest(nurl)
50                 ekg.printf("generic", "otwieram %s w nowej zakładce" %(nurl[0]))
51                 os.system("MozillaFirebird -remote 'openURL(%s, new-tab)'" %(nurl[0]))
52     elif key == 270:
53         ekg.printf("generic", "wcisnięto F6")
54         nurl=czyjest()
55         if nurl == 0:
56             ekg.printf("generic", "nic nie moge skasować - nie ma zadnego adresu URL")
57         else:
58             dlug=len(nurl)
59             if dlug == 1:
60                 ekg.printf("generic", "kasuje adres %s" %(nurl[0]))
61                 os.system('rm /tmp/rmrmg_ekg_url')
62             else:
63                 ekg.printf("generic", "jest wiele linków")
64                 wielejest(nurl)
65                 ekg.printf("generic", "kasuje pierwszy czyli: %s" %(nurl[0]))
66     elif key == 271:
67         ekg.printf("generic", "wcisnięto F7")
68         nurl=czyjest()
69         if nurl == 0:
70             ekg.printf("generic", "nie ma zadnego adresu URL")
71         else:
72             dlug=len(nurl)
73             if dlug == 1:
74                 ekg.printf("generic", "otwieram %s w nowym oknie" %(nurl[0]))
75                 os.system("MozillaFirebird %s" %(nurl[0]))
76                 os.system('rm /tmp/rmrmg_ekg_url')
77             else:
78                 ekg.printf("generic", "linków mam %d" %(dlug))
79                 wielejest(nurl)
80                 ekg.printf("generic", "otwieram %s w nowym oknie" %(nurl[0]))
81     elif key == 272:
82         ekg.printf("generic", "wcisnięto F8")
83         nurl=czyjest()
84         ekg.printf("generic", "F5 - otwiera w nowej zakładce; F7 w nowym oknie, a F6 kasuje, w szystko tyczy się pierwszej pozycji z listy")
85         if nurl == 0:
86             ekg.printf("generic", "nie ma zadnego adresu URL")
87         else:
88             dlug=len(nurl)
89             ekg.printf("generic", "linków mam %d oto one:" %(dlug))
90             for po in nurl:
91                 ekg.printf("generic", "%s" %(po))
92     return 1

--------------------------------------------------

I think a TOCTOU race is possible here or, as taviso says, maybe arbitrary command execution.

Regards.
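Arbitrary command execution by spiking that file: it has a fixed name in /tmp, so another local user can create it first, and each line read from it is substituted unchanged into the command string given to os.system(). The lines read from that file should be filtered before being passed to system; safer still would be to start the browser without a shell, passing the URL as a separate argument.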
Hello, I am contacting upstream to notify them of the vulnerability. Does anybody have a patch? /me is not a good Python developer. Regards.
Romang any news from upstream?
Hello, Actually, there is no vendor response yet. We should wait a little longer. Regards.
No response from vendor
auditors: feel like designing a Python patch for this ?
Pulling in the maintainer. spock: feel like designing a patch for this ?
Are you aware of the fact that contrib/scripts/linki.py isn't even installed on Gentoo systems?
heh, excellent :) Closing as INVALID Eric: if you disagree, feel free to reopen this one :)
Hello, OK for INVALID on Gentoo, but this software still contains a sleeping security hole. So we can only hope that the maintainer does not forget, in 6 months, that this contrib file should not be used. Regards.