Public bug reported:
Binary package hint: gthumb
The Feisty version of gthumb does not escape all special shell
characters passed via the %f macro of the new Hot Keys feature. In
particular ">" and "<" are not escaped, although spaces and other
special characters are.
Might be a security issue if users are receiving files with these
characters from an untrusted source.
Steps to reproduce:
; Open a Terminal. In it type:
$ mkdir /tmp/a
$ cd /tmp/a
$ cp /var/www/apache2-default/apache_pb.png 'foo>bif bam.png'
; you can of course copy any image file you like.
$ gthumb 'foo>bif bam.png'
; In GThumb, navigate to Edit>Preferences>Hot Keys,
; then change hot-key 0 to:
; echo %f
; and press Close.
; Click on the displayed image to select it.
; Press numpad-zero.
; Note nothing is echoed to the terminal.
; Press ctrl+w to exit.
$ ls -l
total 8
-rw-rw---- 1 testuser users 11 2007-06-10 23:18 bif bam.png
-rw-r----- 1 testuser users 1385 2007-06-10 23:16 foo>bif bam.png
$ cat 'bif bam.png'
/tmp/a/foo
$
Expected behaviour:
The full path of the file is echoed to the terminal, and no new file is
created in the test directory.
Observed behaviour:
Nothing is echoed to the Terminal, and a new file is created within the
directory.
More observations:
It's useless to quote the "%f" with either single or double quotes: this
doesn't result in anything the shell will expand to the correct
filename. It doesn't work like that; note that spaces are escaped
properly before passing to the shell. Further playing around reveals
behaviour corresponding to "$", "|", and spaces being escaped properly,
but not angle brackets.
** Affects: gthumb (Ubuntu)
Importance: Undecided
Status: Unconfirmed
--
Hot Keys feature: special shell characters not escaped in %f macros
https://bugs.launchpad.net/bugs/119769
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
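The escaping gap described in the report above, as an added example (this is not gthumb's code and does not reproduce its implementation): a POSIX shell script with a hypothetical partial_escape that mimics the observed behaviour (spaces, "$" and "|" backslash-escaped, angle brackets left alone) next to a shell_quote that wraps the whole substituted path in single quotes. Each escaper is fed a constructed filename containing ">" and run through `sh -c "echo %f"` in a scratch directory, so the stray redirect shows up as an extra file, exactly as in the `ls -l` output of the report.

```shell
#!/bin/sh
# Added example, not part of the gthumb source: contrast a partial escaper
# (the behaviour the bug report observes) with full single-quoting of the
# %f substitution. All function names here are hypothetical.

# Hypothetical escaper mimicking the reported behaviour: backslash-escapes
# space, "$" and "|", but leaves "<" and ">" for the shell to interpret.
partial_escape() {
    printf '%s' "$1" | sed -e 's/[ $|]/\\&/g'
}

# Robust approach: single-quote the whole value and turn every embedded
# single quote into '\'' so no character keeps a shell meaning.
shell_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed -e "s/'/'\\\\''/g")"
}

# Simulate hot-key "echo %f": create the file in a scratch directory, run
# the substituted command there with sh -c, and report how many files exist
# afterwards beyond the original one (0 means no redirect happened).
run_hotkey() {
    escaper=$1
    fname=$2
    dir=$(mktemp -d)
    : > "$dir/$fname"
    cmd="echo $("$escaper" "$dir/$fname")"
    ( cd "$dir" && sh -c "$cmd" >/dev/null )
    n=0
    for f in "$dir"/*; do n=$((n + 1)); done
    rm -rf "$dir"
    echo $((n - 1))
}

# Constructed test filename matching the report's reproduction steps.
demo() {
    printf 'partial escaping: %s extra file(s) created\n' \
        "$(run_hotkey partial_escape 'foo>bif bam.png')"
    printf 'single-quoting:   %s extra file(s) created\n' \
        "$(run_hotkey shell_quote 'foo>bif bam.png')"
}
demo
```

The partial escaper yields `echo /tmp/.../foo>bif\ bam.png`, which the shell parses as a redirect and writes the path prefix into a new `bif bam.png`; the single-quoted form prints the full path and creates nothing. Single-quoting also survives a filename with an embedded apostrophe, which a per-character blacklist tends to miss.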