[mythtv-commits] Ticket #10680: MythSystem doesn't split command line strings internally
MythTV
noreply at mythtv.org
Wed May 2 13:41:53 UTC 2012
#10680: MythSystem doesn't split command line strings internally
---------------------------------+-----------------------------
Reporter: github@… | Owner: wagnerrp
Type: Developer Task | Status: accepted
Priority: minor | Milestone: unknown
Component: MythTV - MythSystem | Version: Master Head
Severity: medium | Resolution:
Keywords: | Ticket locked: 0
---------------------------------+-----------------------------
Comment (by github@…):
I filed this ticket to cover a specific problem, and the rewritten ticket
description doesn't seem to cover it. There are lots of places in the code
that pass arguments to MythSystem as a QStringList, without the
kMSNoRunShell flag, and that use their own broken escaping mechanisms
instead. For example, a picture with quotes and pipes in it would
inadvertently trigger an external executable (see
50f91450b3136cc5d0e832946d6b161ff640fcfb), even though the arguments are
in a QStringList. I saw about 63 places in the code that suffer from
insecure shell escaping.
To be perfectly clear: this is a security threat. Some Myth installations
are configured to read pictures from an inserted thumb drive. If a drive
contains malicious filenames, with single quotes and pipes in them, then
the owner of the drive could take over the Myth system.
How do we address this situation? So far I've filed two tickets on it and
they have both been closed or repurposed. Thanks.
--
Ticket URL: <http://code.mythtv.org/trac/ticket/10680#comment:2>
MythTV <http://code.mythtv.org/trac>
MythTV Media Center
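The failure mode the comment describes, as an added example that is not MythTV code and not the commit it references: an argument vector is joined into a single command line with ad-hoc quoting and then handed to a shell, so a filename containing a single quote and a pipe becomes extra shell commands. The block models that in plain C++ without Qt. naiveQuote is a hypothetical stand-in for the "broken escaping" the ticket mentions (its exact form in the tree is not shown on this page); shellQuote is the correct POSIX single-quote escaping; shellTokens is a deliberately small model of how sh splits a line (whitespace, single quotes, backslash, and the unquoted control operators | and ;), used here as a check rather than by running anything. The sample filename is constructed for the demonstration.

```cpp
// Added example (not MythTV code): why joining a QStringList-style argument
// vector into a shell command line with ad-hoc quoting is unsafe, and what
// correct quoting looks like. Nothing here executes a shell; shellTokens is
// a small model of sh word splitting used to inspect the result.
#include <cstdio>
#include <string>
#include <vector>

// Hypothetical stand-in for the "broken escaping" the ticket describes:
// wrap the argument in single quotes without handling embedded quotes.
std::string naiveQuote(const std::string& arg) {
    return "'" + arg + "'";
}

// Correct POSIX single-quote escaping: close the quote, emit an escaped
// quote, reopen. Inside single quotes nothing else is special to sh.
std::string shellQuote(const std::string& arg) {
    std::string out = "'";
    for (char c : arg) {
        if (c == '\'') out += "'\\''";
        else out += c;
    }
    return out + "'";
}

// Build the command line the way a "run through shell" path would: quote
// each argument with the supplied quoter and join with spaces.
std::string buildShellCommand(const std::vector<std::string>& argv,
                              std::string (*quote)(const std::string&)) {
    std::string cmd;
    for (size_t i = 0; i < argv.size(); ++i) {
        if (i) cmd += ' ';
        cmd += quote(argv[i]);
    }
    return cmd;
}

// Minimal model of sh tokenisation: whitespace splits words, single quotes
// protect everything inside them, backslash escapes the next character, and
// unquoted '|' and ';' are control operators that end the current command.
// Returns words and operators in order (operators as one-character strings).
std::vector<std::string> shellTokens(const std::string& cmd) {
    std::vector<std::string> toks;
    std::string cur;
    bool inWord = false, inSq = false;
    for (size_t i = 0; i < cmd.size(); ++i) {
        char c = cmd[i];
        if (inSq) {                       // inside '...': only ' is special
            if (c == '\'') inSq = false; else cur += c;
            continue;
        }
        if (c == '\'') { inSq = true; inWord = true; continue; }
        if (c == '\\' && i + 1 < cmd.size()) { cur += cmd[++i]; inWord = true; continue; }
        if (c == ' ' || c == '\t') {
            if (inWord) { toks.push_back(cur); cur.clear(); inWord = false; }
            continue;
        }
        if (c == '|' || c == ';') {       // unquoted control operator
            if (inWord) { toks.push_back(cur); cur.clear(); inWord = false; }
            toks.push_back(std::string(1, c));
            continue;
        }
        cur += c; inWord = true;
    }
    if (inWord) toks.push_back(cur);
    return toks;
}

// Number of separate commands the shell would run: one more than the count
// of unquoted control operators. A correctly quoted argv always yields 1.
int commandCount(const std::string& cmd) {
    int n = 1;
    for (const auto& t : shellTokens(cmd)) if (t == "|" || t == ";") ++n;
    return n;
}

// Check that quoting an argument and splitting it again gives back exactly
// that one argument, i.e. no part of it was interpreted by the shell model.
bool quoteRoundTrips(const std::string& arg) {
    std::vector<std::string> got = shellTokens(shellQuote(arg));
    return got.size() == 1 && got[0] == arg;
}

int main() {
    // Constructed malicious filename: a single quote closes the naive quote,
    // then a pipe and a second command follow before the quote is reopened.
    const std::vector<std::string> argv = {
        "convert", "foo'|touch pwned;'bar.jpg", "thumb.png"};
    std::string bad = buildShellCommand(argv, naiveQuote);
    std::string good = buildShellCommand(argv, shellQuote);
    std::printf("naive : %s -> %d command(s)\n", bad.c_str(), commandCount(bad));
    std::printf("quoted: %s -> %d command(s)\n", good.c_str(), commandCount(good));
    return 0;
}
```

With naiveQuote the line becomes `'convert' 'foo'|touch pwned;'bar.jpg' 'thumb.png'`, which the model splits into three commands (`convert foo`, `touch pwned`, `bar.jpg thumb.png`); with shellQuote the embedded quote is escaped and the whole filename survives as one word. The safer route the ticket points at is not better quoting but avoiding the shell entirely (the page names kMSNoRunShell as the flag for that), so that the QStringList elements are passed to the child process as separate argv entries and no quoting question arises.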