Hello Adam, On Tue, 17 Apr 2012 20:51:37 +0100, Adam D. Barratt wrote: > On Thu, 2012-04-12 at 00:31 +0200, David Paleino wrote: > > I'm hereby requesting permission to upload a fix for wicd to p-u, bug > > #668397 (CCed), CVE-2012-2095. "git diff" attached. > > > > The patch for stable is slightly different from the one just pushed in > > unstable: namely, it needed an additional "has_profile", which was used in > > pre-1.7.1 versions. > > +wicd (1.7.0+ds1-5+squeeze1) UNRELEASED; urgency=low > + > + * debian/patches/: > + - fix local privilege escalation, CVE-2012-2095 > + (31-fix_local_privilege_escalation.patch) (Closes: #668397) > + > > With the distribution fixed, please go ahead; thanks. I changed the patch quite a bit, since it was buggy and made wicd not work at all (see #669388). Please find it attached: that's the one I'd like to push into p-u. Thanks, David -- . ''`. Debian developer | http://wiki.debian.org/DavidPaleino : :' : Linuxer #334216 --|-- http://www.hanskalabs.net/ `. `'` GPG: 1392B174 ----|---- http://deb.li/dapal `- 2BAB C625 4E66 E7B8 450A C3E1 E6AA 9017 1392 B174
From: David Paleino <d.paleino@gmail.com>
Subject: fix local privilege escalation, CVE-2012-2095
Origin: upstream, http://bazaar.launchpad.net/~wicd-devel/wicd/experimental/revision/758
---
 wicd/misc.py | 8 ++++++++
 wicd/wicd-daemon.py | 16 ++++++++--------
 2 files changed, 16 insertions(+), 8 deletions(-)
--- wicd.orig/wicd/wicd-daemon.py
+++ wicd/wicd/wicd-daemon.py
@@ -1088,9 +1088,9 @@ class WirelessDaemon(dbus.service.Object
 def SetWirelessProperty(self, netid, prop, value):
 """ Sets property to value in network specified. """
 # We don't write script settings here.
- if (prop.strip()).endswith("script"):
- print "Setting script properties through the daemon is not" \ + " permitted."
+ if misc.sanitize_config(prop).endswith('script'):
+ print 'Setting script properties through the daemon' \ + ' is not permitted.'
 return False
 self.LastScan[netid][prop] = misc.to_unicode(misc.Noneify(value))
@@ -1407,14 +1407,14 @@ class WiredDaemon(dbus.service.Object):
 return str(iface)
 @dbus.service.method('org.wicd.daemon.wired')
- def SetWiredProperty(self, property, value):
+ def SetWiredProperty(self, prop, value):
 """ Sets the given property to the given value. """
 if self.WiredNetwork:
- if (property.strip()).endswith("script"):
- print "Setting script properties through the daemon" \ + " is not permitted."
+ if misc.sanitize_config(prop).endswith('script'):
+ print 'Setting script properties through the daemon' \ + ' is not permitted.'
 return False
- self.WiredNetwork[property] = misc.to_unicode(misc.Noneify(value))
+ self.WiredNetwork[prop] = misc.to_unicode(misc.Noneify(value))
 return True
 else:
 print 'SetWiredProperty: WiredNetwork does not exist'
--- wicd.orig/wicd/misc.py
+++ wicd/wicd/misc.py
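Review bot: In `SetWirelessProperty` the sanitized name is used only for the `endswith('script')` test, while the raw `prop` is still the key stored in `self.LastScan[netid][prop]`, so whatever `sanitize_config` strips is dropped for the check but kept in the value that is later persisted; `SetWiredProperty` in the second hunk has the same shape with `self.WiredNetwork[prop]`. Binding the sanitized name first keeps the check and the stored key consistent: `prop = misc.sanitize_config(prop)` followed by `if prop.endswith('script'):`, with the same two lines in the wired method. Whether the later config write re-sanitizes keys is outside this diff, and both methods continue past their hunk, so any trailing return is not visible here. The `property` to `prop` rename in the second hunk stops shadowing the builtin and is a welcome side effect.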
@@ -378,6 +378,14 @@ def noneToString(text):
 else:
 return str(text)
+def sanitize_config(s):
+ """ Sanitize property names to be used in config-files. """
+ s = s.strip()
+ s = s.replace('=', '')
+ s = s.replace(' ', '')
+ s = s.replace('\n', '')
+ return s
+
 def to_unicode(x):
 """ Attempts to convert a string to utf-8. """
 # If this is a unicode string, encode it and return
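Review bot: `sanitize_config` removes only `=`, a plain space and `\n`, so a name carrying `\r`, a tab or any other whitespace character passes through unchanged; because `str.split()` with no argument splits on every whitespace character, the leading `strip()` and the three `replace` calls can be collapsed to `s = ''.join(s.split()).replace('=', '')`, which also covers those cases. If the files these names end up in are ConfigParser-style, `:` is a key/value delimiter there as well and would deserve the same treatment, but that cannot be confirmed from this hunk. The docstring should say what is dropped and why, e.g. `""" Drop the characters that would end or split a key in a config file (whitespace and '=') so a caller-supplied property name stays a single key. """`.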