[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: upload processing resumed

On 13053 March 1977, Arno Töll wrote:
>> Thanks for securing it quickly :) Is there any danger of the vulnerable
>> code being in use on other systems, e.g. as part of a dak install?
> Indeed, thanks for fixing the issue so fast.

> But full disclosure FTW. Now, that the problem is fixed please share
> some details about the nature of the vulnerability.

All our commits are open and get to the -dak list too.
The basic summary is "really old code that needs to be replaced,
really". In this case - a possible attack using the help of shell
metacharacters by a specially prepared filename due to not checking if
such characters are in the filename AND using perls open function in the
way it lets shell help it.

My quick fix only ensured we don't have meta characters, Ansgar invested
some more time and rewrote the code in question much more. And fixed a
number of other issues too. For details there: read the commits. :)

-- 
bye, Joerg
Naturally; worms that don't know what they are doing end up as
fish bait, instead of getting invited into weird math experiments.
		-- Lars Wirzenius
Reply to: