lilypond-auto

[Lilypond-auto] [LilyIssues-auto] [testlilyissues:issues] Re: #5243 Fix


From: Auto mailings of changes to Lily Issues via Testlilyissues-auto
Subject: [Lilypond-auto] [LilyIssues-auto] [testlilyissues:issues] Re: #5243 Fix security problem in lilypond-invoke-editor
Date: Fri, 24 Nov 2017 23:47:26 -0000

We also have to inspect every other use of scm_system, e.g. backend_library.scm. If someone offers to run lilypond on a server, a similar attack might be (probably is) possible. I think there are characters allowed in filenames that have special meaning to a number of shells. Even if suspicious filenames are filtered: bookOutputSuffix might help.

No, I would not rewrite the script in python.

Your "unholy mess" might be a good idea, but I don't have access to a Windows system or a Mac. It really might be a good idea if we need it in other parts of lilypond.

Usage of scm_system_star has one big advantage: it is simple and it is available on all supported systems. If there really were a problem with scm_system_star, we would simply fix libguile/simpos.c. The procedure is nothing but a short and simple interface to the well-tested functions of the standard C library.


[issues:#5243] Fix security problem in lilypond-invoke-editor

Status: Started
Created: Thu Nov 23, 2017 08:35 AM UTC by Knut Petersen
Last Updated: Fri Nov 24, 2017 09:57 PM UTC
Owner: Knut Petersen

Fix security problem in lilypond-invoke-editor

If lilypond-invoke-editor was installed as a general
uri-helper it was easy to abuse it to execute arbitrary
code on an attacked system for non-textedit URIs.
This part of the problem was discovered and reported
to our bug-lilypond mailing list by Gabriel Corona.

But also pure textedit URIs were vulnerable, an
example is the URI

textedit:///:&xterm -e find ~/&:x:

that executes "find ~/" in an xterm.

With this patch lilypond-invoke-editor only
handles textedit URIs, and it no longer
uses the system's command processor but
Guile's system* procedure for those URIs.

Also the script will abort if the line, char and
column fields of a textedit URI contain anything
but digits.

We could have fixed URI passing to the browser,
but it is not our job to provide a general URI helper.
Other software (e.g. xdg-open and friends) should
be used for that.

The security problem fixed now was introduced
into lilypond in the year 2005.

Signed-off-by: Knut Petersen address@hidden

http://codereview.appspot.com/336240043


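The two halves of the issue above, the injectable "hand one string to the command processor" behaviour and the fix (textedit: only, digits-only line/char/column fields, argv-style exec in the spirit of Guile's system*), as an added example. This is not code from LilyPond or from the patch on the review site; the real lilypond-invoke-editor is a Guile Scheme script, and the editor command template, the function names and the benign sample URI here are assumptions. The malicious URI is the one quoted in the issue.

```python
"""Reconstruction of the lilypond-invoke-editor problem fixed in issue #5243.

Added example, not LilyPond code: the real script is Guile Scheme.  The editor
template, helper names and the benign URI are assumptions for illustration.
"""
import re
import subprocess
from dataclasses import dataclass
from typing import List, Sequence

# Assumed editor invocation (hypothetical; the real script builds it from the
# user's editor configuration).  "+LINE:COLUMN FILE" is the emacsclient form.
EDITOR: Sequence[str] = ("emacsclient", "--no-wait")

# Constructed sample inputs.  MALICIOUS_URI is the URI quoted in the issue.
MALICIOUS_URI = "textedit:///:&xterm -e find ~/&:x:"
BENIGN_URI = "textedit:///home/alice/score.ly:12:3:5"


class BadTexteditURI(ValueError):
    """Raised when a URI is not a well-formed textedit: URI."""


def vulnerable_shell_command(uri: str, editor: str = "emacs") -> str:
    """'Before' behaviour, reconstructed: split on ':' and build ONE string for the shell.

    Returned rather than executed so the example is safe to run.  Handing this
    string to a command processor (Python: subprocess.run(cmd, shell=True);
    Guile: system) lets the '&' from the URI terminate the editor command and
    start 'xterm -e find ~/' as a second command.
    """
    rest = uri[len("textedit://"):]
    file, line, _char, column = rest.split(":")[:4]
    return f"{editor} +{line}:{column} {file}"


@dataclass(frozen=True)
class TexteditLocation:
    file: str
    line: int
    char: int
    column: int


# ASCII digits only: str.isdigit() would also accept Unicode digits such as '\u0661'.
_DIGITS = re.compile(r"[0-9]+")


def parse_textedit(uri: str) -> TexteditLocation:
    """Strict parser: textedit scheme only, and line/char/column must be all digits."""
    if not uri.startswith("textedit://"):
        raise BadTexteditURI("only textedit: URIs are handled; use xdg-open for the rest")
    rest = uri[len("textedit://"):]
    # Split from the right so a file name containing ':' survives intact and
    # exactly three trailing fields are required.
    parts = rest.rsplit(":", 3)
    if len(parts) != 4 or not parts[0]:
        raise BadTexteditURI("expected textedit://FILE:LINE:CHAR:COLUMN")
    file, *fields = parts
    for name, value in zip(("line", "char", "column"), fields):
        if not _DIGITS.fullmatch(value):
            raise BadTexteditURI(f"{name} field {value!r} is not all digits")
    line, char, column = (int(v) for v in fields)
    return TexteditLocation(file, line, char, column)


def editor_argv(loc: TexteditLocation, editor: Sequence[str] = EDITOR) -> List[str]:
    """Build an argv vector.  Every element reaches the editor as one literal
    argument and no shell ever sees the string, which is what Guile's system*
    (and subprocess.run with a list) provides."""
    return [*editor, f"+{loc.line}:{loc.column}", loc.file]


def open_in_editor(uri: str, dry_run: bool = True) -> List[str]:
    """Validate the URI and launch the editor without a shell; dry_run only returns argv."""
    argv = editor_argv(parse_textedit(uri))
    if not dry_run:
        subprocess.run(argv, check=True)  # argv exec, no command processor involved
    return argv


def rejects(uri: str) -> bool:
    """True when the hardened parser refuses the URI (helper for checks)."""
    try:
        parse_textedit(uri)
    except BadTexteditURI:
        return True
    return False


if __name__ == "__main__":
    print("vulnerable shell string:", vulnerable_shell_command(MALICIOUS_URI))
    print("hardened argv          :", open_in_editor(BENIGN_URI))
    print("hardened rejects attack:", rejects(MALICIOUS_URI))
```

Two things worth noting about the hardened half. The digit check alone is not what stops the attack; the argv exec is. A file field such as `/tmp/x;rm -rf ~` still parses, but with argv execution the editor receives it as one literal filename and no shell ever interprets the `;`. Conversely, argv exec does not stop the editor itself from parsing its arguments, so a file name beginning with `-` might be read by some editors as an option; that is a separate concern from the shell injection fixed here and is not addressed by the patch described above.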
