The Samba-Bugzilla – Attachment 11602 Details for
Bug 11601
Shell command injection - samba-tool domain classicupgrade
[patch]
patch for 4.2
popen42.patch (text/plain), 1.61 KB, created by
Uri Simchoni
on 2015-11-16 05:34:49 UTC
>From 1a31a85160e3d200b5a44bcf0afe9c9f6b8d2ffb Mon Sep 17 00:00:00 2001 >From: Uri Simchoni <uri@samba.org> >Date: Sun, 15 Nov 2015 16:30:21 +0200 >Subject: [PATCH] samba-tool: replace use of os.popen > >The netcmd/domain.py module uses os.popen() on user-supplied >parameters. This opens up the way to code injection. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=11601 > >Signed-off-by: Uri Simchoni <uri@samba.org> >Reviewed-by: Alexander Bokovoy <ab@samba.org> >--- > python/samba/netcmd/domain.py | 14 +++++++++++--- > 1 file changed, 11 insertions(+), 3 deletions(-) > >diff --git a/python/samba/netcmd/domain.py b/python/samba/netcmd/domain.py >index 9dfbc39..06a58e3 100644 >--- a/python/samba/netcmd/domain.py >+++ b/python/samba/netcmd/domain.py >@@ -29,6 +29,7 @@ import os > import sys > import tempfile > import logging >+import subprocess > from samba.net import Net, LIBNET_JOIN_AUTOMATIC > import samba.ntacls > from samba.join import join_RODC, join_DC, join_subdomain >@@ -77,9 +78,16 @@ from samba.provision.common import ( > ) > > def get_testparm_var(testparm, smbconf, varname): >- cmd = "%s -s -l --parameter-name='%s' %s 2>/dev/null" % (testparm, varname, smbconf) >- output = os.popen(cmd, 'r').readline() >- return output.strip() >+ errfile = open(os.devnull, 'w') >+ p = subprocess.Popen([testparm, '-s', '-l', >+ '--parameter-name=%s' % varname, smbconf], >+ stdout=subprocess.PIPE, stderr=errfile) >+ (out,err) = p.communicate() >+ errfile.close() >+ lines = out.split('\n') >+ if lines: >+ return lines[0].strip() >+ return "" > > try: > import samba.dckeytab >-- >2.4.3 >
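Review bot: in the second hunk (get_testparm_var), the `if lines:` guard is always true, because `out.split('\n')` returns at least one element even when `out` is empty, so the trailing `return ""` is unreachable. The function can end with `return lines[0].strip()` alone, which already yields an empty string for empty output. Two further points in the same hunk: the exit status of testparm is never inspected after `p.communicate()`, so with stderr sent to os.devnull a failed run is indistinguishable from a parameter that is legitimately empty; checking `p.returncode` and raising or logging would let classicupgrade stop early on a bad smb.conf. And `errfile` is not closed if `subprocess.Popen` raises (for example when the testparm path does not exist); opening it with `with open(os.devnull, 'w') as errfile:` around the Popen and communicate calls covers that path. The switch itself from a formatted shell string to an argument list is the right fix for the injection, since varname, testparm and smbconf are no longer parsed by a shell.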