gv4l is a GUI frontend to transcode. If you look at the source code it just looks horrible: everything is handled with the C function 'system' (grep system * | wc -l indicates there are 74 such calls). But the worst is in the way it calls transcode: they just create a script in /tmp and execute it. This permits another user to execute an arbitrary command as the user that runs gv4l. Suppose he wants him to run myscript.sh; he just has to do the following:

mkfifo /tmp/gv4l.sh ; chmod a+w /tmp/gv4l.sh
cat < /tmp/gv4l.sh ; rm /tmp/gv4l.sh ; ln -sf myscript.sh /tmp/gv4l.sh

Actually the script is executed... In my opinion this application is broken (there are other parts of the code that are just horrible: no error checking, doing things like system('rm -rf /tmp/gv4l* ') or system('sleep 1')).

Reproducible: Always
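The problem in the report is a race on a fixed, predictable name in the shared /tmp: whoever can plant a symlink or FIFO at /tmp/gv4l.sh before gv4l writes it decides what the shell executes. The following is an added example, not gv4l's code and not part of the bug report: the vulnerable pattern in C (kept only for contrast) next to a hardened version that creates the file with mkstemp(3), verifies what the path names before an interpreter touches it, and, the real fix for a frontend, runs transcode through fork/execvp with an argv array so no script and no shell are involved at all. The path template, the helper names and the sample script body are assumptions.

```c
/* Added example (not gv4l's code): /tmp script pattern from the bug report,
 * beside a hardened version. Helper names and paths are assumptions. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* What the report describes, for contrast only (never called here): a fixed
 * name in the shared /tmp, opened with fopen(3), which follows a pre-planted
 * symlink or blocks on a FIFO, then handed to system(3). Whatever sits at
 * that path when the shell opens it is what runs. */
int unsafe_run(const char *body)
{
    FILE *f = fopen("/tmp/gv4l.sh", "w");
    if (!f) return -1;
    fputs(body, f);
    fclose(f);
    return system("sh /tmp/gv4l.sh");
}

/* Hardened: mkstemp(3) opens with O_CREAT|O_EXCL and mode 0600, so an existing
 * symlink or FIFO makes the call fail instead of being followed. Writes go
 * through the returned fd, never through the path. Fills `path`, returns the
 * open fd, or -1 on error. */
static int create_private_script(char *path, size_t pathlen, const char *body)
{
    const char *dir = getenv("TMPDIR");
    if (!dir || !*dir) dir = "/tmp";
    if (snprintf(path, pathlen, "%s/gv4l.XXXXXX", dir) >= (int)pathlen) return -1;
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    size_t len = strlen(body);
    if (write(fd, body, len) != (ssize_t)len) { close(fd); unlink(path); return -1; }
    return fd;
}

/* Before an interpreter is given `path`, confirm it still names the regular
 * file behind `fd`: not a symlink or FIFO, same device and inode, owned by us,
 * not group- or world-writable. Returns 1 if safe, 0 otherwise. */
static int script_is_trustworthy(int fd, const char *path)
{
    struct stat fs, ls;
    if (fstat(fd, &fs) != 0 || lstat(path, &ls) != 0) return 0;
    if (!S_ISREG(ls.st_mode)) return 0;                          /* symlink, FIFO, ... */
    if (fs.st_dev != ls.st_dev || fs.st_ino != ls.st_ino) return 0; /* path was swapped */
    if (ls.st_uid != geteuid() || (ls.st_mode & (S_IWGRP | S_IWOTH))) return 0;
    return 1;
}

/* Preferred fix: no script, no shell. The command is an argv array passed to
 * execvp(3), so nothing in /tmp and no shell parsing is involved. Returns the
 * child's exit status, or -1 on error or abnormal termination. */
static int run_argv(char *const argv[])
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { execvp(argv[0], argv); _exit(127); }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    char path[PATH_MAX];
    int fd = create_private_script(path, sizeof path, "#!/bin/sh\necho hello\n");
    if (fd < 0) { perror("mkstemp"); return 1; }
    printf("%s trustworthy: %d\n", path, script_is_trustworthy(fd, path));
    char *argv[] = { "sh", path, NULL };   /* fixed argv, nothing interpolated */
    printf("exit status: %d\n", run_argv(argv));
    close(fd);
    unlink(path);
    return 0;
}
```

The check in script_is_trustworthy is defence in depth, not a substitute for the private file: a check-then-use window still exists between lstat and the interpreter's open, which is exactly why run_argv with the real transcode argv is the fix a frontend should use, and why the temporary file, when one is unavoidable, belongs in a directory only the user can write.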
media-video herd, pls comment/advise
I'm contacting upstream. If they do not respond in one week I will remove the package from the tree.
Chris: probably time to mask it :)
Forgot to add a comment, misunderstanding. gv4l is masked.
Out of main scope, pending removal
Removed.