From: Peter Bex
Subject: Re: [Chicken-hackers] [PATCH 2/4] csi: fix untrusted code execution by (load)ing ./.csirc
Date: Fri, 15 Mar 2013 11:47:20 +0100
User-agent: Mutt/1.4.2.3i
On Fri, Mar 15, 2013 at 06:58:42AM +0100, Florian Zumbiehl wrote:
> Remove (load)ing of ./.csirc on csi startup as it can lead to execution of
> untrusted code.

This is pretty serious. I'll request a CVE and issue an advisory
shortly, once this patch has gone in. Attached is a slightly improved
patch which just ignores HOME if it's empty, as that's a little
friendlier (it's not serious if HOME is empty and it can be easily
recovered from).

I've also added a note to NEWS.

I nominate this patch for inclusion into the stability branch.

> ---
>
> I think a replacement mechanism is not necessary, anyone who wants the old
> behaviour can just add appropriate code to their ~/.csirc.
>
> The TOCTOU sporadic failure bug I have left in as I don't have a clue how
> to fix that.

I'm assuming you are talking about the check whether ~/.csirc exists
before invoking LOAD on it. If there's some other TOCTOU bug, please be
a little more verbose.

Maybe this could be treated by catching an exception? OTOH, it shouldn't
matter much, as the only one who should have access to ~/.csirc is the
user himself.

Cheers,
Peter
--
http://www.more-magic.net
Attachment: 0001-csi-fix-untrusted-code-execution-by-load-ing-.-.csir.patch (text document)
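The two points raised in this message, never consulting ./.csirc and replacing the file-exists?/load check with exception handling, can be shown together in a small start-up-file loader. The block below is an added illustration written for this archive page; it is not the attached patch and not csi's own code. It assumes CHICKEN 4 library procedures (get-environment-variable, make-pathname from the files unit, handle-exceptions) and assumes that load accepts an input port as well as a filename, so that the exception handler only covers opening the file and errors raised by code inside the rc file still propagate to the user.

```scheme
;; Added example, not csi's own start-up code.
;; Assumes CHICKEN 4: get-environment-variable and handle-exceptions are
;; in the core library, make-pathname comes from the files unit, and
;; load accepts an input port.
(use files)

;; Returns the path of $HOME/.csirc, or #f when HOME is unset or empty.
;; An empty HOME is treated like an unset one on purpose: building a
;; path from "" would yield a relative name, i.e. a file in the current
;; directory, which is exactly what the patch removes.  The current
;; directory is never consulted here.
(define (home-rc-file)
  (let ((home (get-environment-variable "HOME")))
    (and home
         (not (string=? home ""))
         (make-pathname home ".csirc"))))

;; Load the rc file if it can be opened.  Instead of testing
;; file-exists? first and then calling load (the check can become stale
;; between the two steps), open the file directly and treat a failure to
;; open it as "no rc file".  Only open-input-file is inside the handler:
;; errors raised by the rc file's own code are not swallowed.
;; Returns #t when a file was loaded, #f otherwise.
(define (load-rc-file)
  (let* ((rc (home-rc-file))
         (port (and rc
                    (handle-exceptions exn #f (open-input-file rc)))))
    (and port
         (dynamic-wind
           void
           (lambda () (load port) #t)
           (lambda () (close-input-port port))))))

;; Usage, e.g. from an interpreter's start-up sequence:
;; (load-rc-file)
```

Note that this only removes the existence check as a source of sporadic failures; as the message says, it does not change who can write to ~/.csirc, which remains the user's own responsibility.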