Public bug reported:

landscape.lib.format.expandvars expands variables by executing bash in a
subprocess. This has the potential for executing arbitrary shell
commands, e.g., if the variable is $(rm -rf /home/*).

This function is currently only executed using values defined in Ubuntu
Core configuration, but this is still an external source and we should
do shell-like expansion in a way that does not allow for execution of
the user-provided values.

** Affects: landscape-client (Ubuntu)
Importance: Undecided
Status: New
--
https://bugs.launchpad.net/bugs/2055348
Title:
Potential arbitrary execution in expandvars
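
Added example, not part of the bug report and not landscape-client's code: one way to do the shell-like expansion the report asks for without starting a shell. The name safe_expandvars, its signature and the supported subset ($name, ${name}, ${name:-default}, ${name:offset[:length]} with non-negative offsets) are assumptions made for illustration.

```python
import re

# Added example: hypothetical helper, not landscape-client's implementation.
# Only these token shapes are recognised; anything else stays literal text.
_TOKEN = re.compile(
    r"\$(?:"
    r"(?P<bare>[A-Za-z_][A-Za-z0-9_]*)"
    r"|\{(?P<name>[A-Za-z_][A-Za-z0-9_]*)"
    r"(?::(?:-(?P<default>[^}]*)|(?P<offset>\d+)(?::(?P<length>\d+))?))?\}"
    r")"
)


def safe_expandvars(template, variables):
    """Expand $name, ${name}, ${name:-default}, ${name:offset[:length]}.

    Pure string substitution: no shell is started, so $(...) and backticks
    are never evaluated, and substituted values are not scanned again.
    """
    def replace(match):
        name = match.group("bare") or match.group("name")
        value = str(variables.get(name, ""))
        # ${name:-default}: use the default when the value is unset or empty.
        if match.group("default") is not None and not value:
            return match.group("default")
        # ${name:offset[:length]}: plain Python slicing of the value.
        if match.group("offset") is not None:
            start = int(match.group("offset"))
            length = match.group("length")
            end = None if length is None else start + int(length)
            return value[start:end]
        return value

    return _TOKEN.sub(replace, template)


if __name__ == "__main__":
    # Constructed sample inputs: values that a shell would execute.
    hostile = {"hostname": "$(rm -rf /home/*)", "serial": "`id`"}
    print(safe_expandvars("${hostname}-${serial:0:2}", hostile))
    print(safe_expandvars("$(echo hi) ${missing:-fallback}", {}))
```

Because the result of one substitution is never fed back into the matcher, a value that itself contains ${...} or $(...) comes out as inert text.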