Opened 16 years ago
Closed 16 years ago
Last modified 16 years ago
#4647 closed patch (fixed)
Make mythbookmarkmanager pass valid command line to myth_system()
| Reported by: | | Owned by: | Isaac Richards |
|---|---|---|---|
| Priority: | major | Milestone: | 0.21 |
| Component: | mythbrowser | Version: | head |
| Severity: | high | Keywords: | |
| Cc: | | Ticket locked: | no |
Description
The mythbookmarkmanager plugin passes an invalid command line to the myth_system() function. There can be unescaped shell characters passed in, which then get passed straight to the command line. If a URL is something like http://a.site/path?arg1=1&arg2=2&arg3=3 then the '&' character is not protected from the shell.
This patch just fixes the non-security-related problems by quoting the '&' and ';' characters. This is not sufficient for a full fix for the problem, but it fixes normal usage. A proper fix should go into myth_system() in mythlib/utils.cpp.
Unless proven otherwise, failure to escape shell characters should be considered a security problem. Any command can be stored in the bookmark by typing it in, so this allows any shell command to be run as the same user as mythbrowser. This is why it is marked as major priority and high severity - feel free to analyse the security implications and downgrade if necessary.
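An added example (not the attached patch and not MythTV code) of the general fix the reporter says belongs in myth_system(): wrap the whole argument in POSIX single quotes rather than escaping individual characters, then verify that the assembled command line has no metacharacter left outside quoting. The browser name, the helper names and the metacharacter scanner are assumptions; the URL is the one from the ticket description.

```cpp
// Added example (not MythTV code): quote a bookmark URL so that a
// system()-style call such as myth_system() sees it as one literal word.
#include <iostream>
#include <string>

// POSIX shell single-quoting: inside '...' every character is literal,
// including & ; | $ and backquote. A single quote cannot itself appear
// inside single quotes, so it is written as '\'' (close, escaped quote, reopen).
std::string shellQuote(const std::string& arg) {
    std::string out = "'";
    for (char c : arg)
        out += (c == '\'') ? std::string("'\\''") : std::string(1, c);
    out += "'";
    return out;
}

// Assemble the command line the plugin would hand to the shell. The browser
// name is an assumed placeholder; the URL comes from the caller.
std::string buildBrowserCommand(const std::string& browser, const std::string& url) {
    return browser + " " + shellQuote(url);
}

// Defensive check: scan a command line the way /bin/sh tokenises quotes and
// report whether any shell metacharacter is left outside quoting. Only the
// single-quote and backslash rules are modelled, which is all shellQuote emits.
bool hasUnquotedMetachar(const std::string& cmd) {
    const std::string meta = "&;|$`<>()";
    bool inSingle = false, escaped = false;
    for (char c : cmd) {
        if (escaped) { escaped = false; continue; }
        if (inSingle) { inSingle = (c != '\''); continue; }
        if (c == '\\') { escaped = true; continue; }
        if (c == '\'') { inSingle = true; continue; }
        if (meta.find(c) != std::string::npos) return true;
    }
    return false;
}

int main() {
    const std::string url = "http://a.site/path?arg1=1&arg2=2&arg3=3";  // from the ticket
    std::cout << "raw:    mythbrowser " << url << "\n"
              << "quoted: " << buildBrowserCommand("mythbrowser", url) << "\n"
              << "unquoted metachar in raw:    " << hasUnquotedMetachar("mythbrowser " + url) << "\n"
              << "unquoted metachar in quoted: "
              << hasUnquotedMetachar(buildBrowserCommand("mythbrowser", url)) << "\n";
    return 0;
}
```

The scanner is a regression check for the quoting routine, not a substitute for it; the safest variant avoids the shell entirely by passing an argv array to exec.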
Attachments (1)
Change History (4)
Changed 16 years ago by
Attachment: bookmarkmager.cpp.diff added
comment:1 Changed 16 years ago by
Milestone: unknown → 0.21
comment:2 Changed 16 years ago by
Resolution: → fixed
Status: new → closed
Patch for bookmarkmager.cpp