[Bug 40347] New: unmount uses unsafe system()
https://bugs.winehq.org/show_bug.cgi?id=40347

Bug ID: 40347
Summary: unmount uses unsafe system()
Product: Wine
Version: unspecified
Hardware: x86
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: -unknown
Assignee: wine-bugs(a)winehq.org
Reporter: cpicard(a)openmailbox.org
Distribution: ---

Created attachment 54037
  --> https://bugs.winehq.org/attachment.cgi?id=54037
eject source file

DIR_unmount_device from wine/dlls/ntdll/directory.c doesn't sanitize its input leading to a possible command execution by unmounting a device mounted on a malicious path.

To reproduce (from Michael Müller):

$ mkdir "a;xterm"
$ mount "a;xterm"
$ ./eject # launches xterm

where eject is built from the attached code.

--
Do not reply to this email, post in Bugzilla using the above URL to reply.
You are receiving this mail because:
You are watching all bug changes.
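
The pattern reported above, shown as an added example (not Wine's code, and not the fix referenced later in this thread): a path pasted into a system() command string is parsed by the shell, while the same path passed as an argv element is not. The helper names are hypothetical, "true" stands in for the unmount command so nothing is unmounted, and the path "a;exit 7" is a constructed value with the same shape as "a;xterm".

```c
/* Added illustration, not Wine's code. "true" stands in for the unmount
 * helper so nothing is unmounted; the sample path is constructed. */
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Unsafe: the path is pasted into a string that /bin/sh parses, so
 * shell metacharacters in the directory name become shell syntax. */
int run_via_shell(const char *path)
{
    char cmd[512];
    int n = snprintf(cmd, sizeof(cmd), "true %s", path);
    int status;

    if (n < 0 || (size_t)n >= sizeof(cmd)) return -1;
    status = system(cmd);
    return (status != -1 && WIFEXITED(status)) ? WEXITSTATUS(status) : -1;
}

/* Hardened: no shell is involved; the path is exactly one argv element. */
int run_via_exec(const char *path)
{
    char *const argv[] = { "true", (char *)path, NULL };
    int status;
    pid_t pid = fork();

    if (pid < 0) return -1;
    if (pid == 0) {
        execvp(argv[0], argv);
        _exit(127); /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    const char *path = "a;exit 7"; /* constructed, same shape as "a;xterm" */

    printf("via shell: exit status %d\n", run_via_shell(path));
    printf("via exec:  exit status %d\n", run_via_exec(path));
    return 0;
}
```

The exit status is the observable here: through system() the text after the semicolon runs as a second shell command and sets the status, while through execvp() the whole string reaches the program as a single argument.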

https://bugs.winehq.org/show_bug.cgi?id=40347

Austin English <austinenglish(a)gmail.com> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC| |austinenglish(a)gmail.com

https://bugs.winehq.org/show_bug.cgi?id=40347

Jactry Zeng <jactry92(a)gmail.com> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC| |jactry92(a)gmail.com

http://bugs.winehq.org/show_bug.cgi?id=40347

Andrew Nguyen <arethusa26@gmail.com> changed:

What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |RESOLVED
Resolution|--- |DUPLICATE

--- Comment #1 from Andrew Nguyen <arethusa26@gmail.com> ---
The specific example that was provided no longer results in command execution since commit 2b40756536ab9bdcbce8b6ea24555f58e06c25ca, which is first available in the wine-9.21 release. This fix is the subject of bug 57391, so I'll go ahead and mark this bug as a duplicate of that one.

*** This bug has been marked as a duplicate of bug 57391 ***

http://bugs.winehq.org/show_bug.cgi?id=40347

Alistair Leslie-Hughes <leslie_alistair@hotmail.com> changed:

What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED

--- Comment #2 from Alistair Leslie-Hughes <leslie_alistair@hotmail.com> ---
Closing Duplicate.