Hi Bernd! Yes, you are right. I tried subproccess a few years ago and I found something that was not working in what I need (i don't remember what). But I will try it again :) I will create another bug for that and I will give you a feedback.
I can't upload that change because It'll be complicate to asure the current GUI stability and for older versions I have to fix problems but I must not to make improvements. In other way, this bug was epic. I learned a lot about (not web PHP) injection. I want to thank you all the reports, tests and help!!! :) Really thank you!! Best regards!! -- You received this bug notification because you are a member of Gufw Developers, which is subscribed to Gufw. https://bugs.launchpad.net/bugs/1410839 Title: Shell Command injection in ufw_backend.py Status in Gufw: Fix Released Status in gui-ufw package in Ubuntu: Confirmed Bug description: Firewall Administrators can be tricked by someone to export a profile with Gufw to an special crafted file or path name wich contains shell code. reason is this line in ufw_backend.py : def export_profile(self, profile, file): commands.getstatusoutput('cp /etc/gufw/' + profile + '.profile ' + file + ' ; chmod 777 ' + file) The rename and delete funktions are also unsave if profile name contains shell code, like semicolons. To manage notifications about this bug go to: https://bugs.launchpad.net/gui-ufw/+bug/1410839/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~gufw-developers Post to : [email protected] Unsubscribe : https://launchpad.net/~gufw-developers More help : https://help.launchpad.net/ListHelp
