Attachment 320962 Details for Bug 430868 – File access security fix

[patch] File access security fix

security-text-command-fix.patch (text/plain), 1.31 KB, created by Martin Erik Werner on 2012-08-11 03:09:57 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Martin Erik Werner

Created: 2012-08-11 03:09:57 UTC

Size: 1.31 KB

patch

obsolete

>Author: Lee "Eihrul" Salzman <lsalzman@gmail.com>
>Date: Sun, 22 Jul 2012 21:22:55 +0000
>Subject: text command fix
>Description: File access security fix
> Game maps can in cube2-engine games be transmitted either from server
> to client or from client to client, which includes a config file
> (mapname.cfg) which is in "cubescript" format, this makes it possible
> for an attacker to send a malign script via a new map (which must be
> chosen by admin on a server, or created in cooperative editing mode). A
> script like this could trivially read/write to any files which the user
> running the client has access to (it is executed when the client loads
> the map).
> .
> This patch stops "textedit" commands being able to be run in map-run
> scripts, thus disabling the ability to read/write to user files.
>
>Origin: upstream, https://sourceforge.net/apps/trac/redeclipse/changeset/3764
>Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684143
>Bug-Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=846368
>Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/redeclipse/+bug/1034148
>
>--- a/src/engine/textedit.h
>+++ b/src/engine/textedit.h
>@@ -690,7 +690,7 @@
> 
> #define TEXTCOMMAND(f, s, d, body) ICOMMAND(0, f, s, d,\
>     editor *top = currentfocus();\
>-    if(!top) return;\
>+    if(!top || identflags&IDF_WORLD) return;\
>     body\
> )
>

Actions: View | Diff

Attachments on bug 430868: 320962