https://bugs.kde.org/show_bug.cgi?id=455967

            Bug ID: 455967
           Summary: Processes launched by KTechLab might execute commands
                    from current directory
           Product: KTechLab
           Version: unspecified
          Platform: Other
                OS: Linux
            Status: REPORTED
          Severity: normal
          Priority: NOR
         Component: general
          Assignee: [email protected]
          Reporter: [email protected]
                CC: [email protected]
  Target Milestone: ---

SUMMARY

Processes launched by KTechLab might execute commands from current directory.
See Q/KProcess security advisory:

https://kde.org/info/security/advisory-20220131-1.txt


STEPS TO REPRODUCE

QProcess p;
p.setWorkingDirectory(xxx); // in some cases
p.start("binaryname", args);

As the binary name is in most cases passed as a non-absolute executable name,
QProcess will execute an executable named "binaryname"
from the working directory (implicitly that of the application, or explicitly
the one set by setWorkingDirectory), if no matching executable is found
in the normal search path (PATH).

This allows attackers to put malicious executables with the right name, for
example, in the document directory.
If the wanted executable is not in the search path, the malicious one will be
executed.

PROPOSED FIX

For each tool (external language) validate the path of the executable to be
launched, before running it.
If the executable is not in the PATH, warn the user; maybe add custom
directories where the tools might be installed.

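One way to do the check from PROPOSED FIX, as an added example that is not KTechLab code or part of the original report: the tool name is resolved to an absolute path using only absolute search directories, and the launch is refused if nothing matches. resolveTool() and isExecutableFile() are hypothetical helpers written in plain C++/POSIX so the block runs without Qt; in Qt code QStandardPaths::findExecutable() is the usual lookup, and custom tool directories would be appended to the list passed in.

```cpp
#include <cstdlib>
#include <iostream>
#include <string>
#include <sys/stat.h>
#include <unistd.h>

// True if path is a regular file the current user may execute.
static bool isExecutableFile(const std::string &path) {
    struct stat st;
    return stat(path.c_str(), &st) == 0 && S_ISREG(st.st_mode) &&
           access(path.c_str(), X_OK) == 0;
}

// Resolve a bare tool name against an explicit ':'-separated directory list
// (hypothetical helper). Returns an absolute path, or "" to refuse the launch.
std::string resolveTool(const std::string &name, const std::string &searchPath) {
    // Relative names with a directory part resolve against the working
    // directory; this sketch accepts bare names only.
    if (name.empty() || name.find('/') != std::string::npos)
        return "";
    std::size_t start = 0;
    while (start <= searchPath.size()) {
        std::size_t end = searchPath.find(':', start);
        if (end == std::string::npos)
            end = searchPath.size();
        const std::string dir = searchPath.substr(start, end - start);
        start = end + 1;
        // Empty and relative entries ("", ".", "bin") mean "relative to the
        // working directory": skip them.
        if (dir.empty() || dir[0] != '/')
            continue;
        const std::string candidate = dir + "/" + name;
        if (isExecutableFile(candidate))
            return candidate;
    }
    return "";
}

int main() {
    const char *path = std::getenv("PATH");
    const std::string tool = "sh"; // constructed sample tool name
    const std::string exe = resolveTool(tool, path ? path : "");
    if (exe.empty()) {
        std::cerr << tool << ": not found in PATH, refusing to launch\n";
        return 1;
    }
    std::cout << "launch with absolute path: " << exe << "\n";
    return 0;
}
```

The returned absolute path is what gets passed to the process launcher, so the working directory no longer takes part in the lookup.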