[mythtv-commits] Ticket #10680: MythSystem doesn't split command line strings internally

MythTV noreply at mythtv.org
Wed May 2 13:41:53 UTC 2012

#10680: MythSystem doesn't split command line strings internally
 Reporter:  github@…             |          Owner:  wagnerrp
     Type:  Developer Task       |         Status:  accepted
 Priority:  minor                |      Milestone:  unknown
Component:  MythTV - MythSystem  |        Version:  Master Head
 Severity:  medium               |     Resolution:
 Keywords:                       |  Ticket locked:  0

Comment (by github@…):

 I filed this ticket to cover a specific problem, and the rewritten ticket
 description doesn't seem to cover it. There are lots of places in the code
 that pass arguments to !MythSystem as a QStringList, without the
 kMSNoRunShell flag, and that use their own broken escaping mechanisms
 instead. For example, a picture with quotes and pipes in it would
 inadvertantly trigger an external executable, (see
 50f91450b3136cc5d0e832946d6b161ff640fcfb), even though the arguments are
 in a QStringList. I saw about 63 places in the code that suffer from
 insecure shell escaping.

 To be perfectly clear: this is a security threat. Some Myth installations
 are configured to read pictures from an inserted thumb drive. If a drive
 contains malicious filenames, with single quotes and pipes in them, then
 the owner of the drive could take over the Myth system.

 How do we address this situation? So far I've filed two tickets on it and
 they have both been closed or repurposed. Thanks.

Ticket URL: <http://code.mythtv.org/trac/ticket/10680#comment:2>
MythTV <http://code.mythtv.org/trac>
MythTV Media Center

More information about the mythtv-commits mailing list