Fix arbitrary execution via dbus security flaw #2017

Merged
merged 1 commit into from Jan 27, 2022
Fix arbitrary execution via dbus security flaw
Highlighted in #1796. Also removed comments that won't be true or relevant with this change. These changes orphan the execute_command_by_uuid() method, but the method can probably still be used elsewhere.
Davidy22 committed Jan 21, 2022
commit e3d671120bfe7ba28f50e256cc5e8a629781b888
12 changes: 0 additions & 12 deletions guake/dbusiface.py
Expand Up @@ -153,10 +153,6 @@ def reset_colors_current(self):
self.guake.reset_terminal_custom_colors(current_terminal=True)
self.guake.set_colors_from_settings_on_page(current_terminal_only=True)

@dbus.service.method(DBUS_NAME, in_signature="s")
def execute_command(self, command):
self.guake.execute_command(command)

@dbus.service.method(DBUS_NAME, in_signature="i", out_signature="s")
def get_tab_name(self, tab_index=0):
return self.guake.get_notebook().get_tab_text_index(tab_index)
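Review bot: with `execute_command` dropped from the D-Bus interface in this hunk, any client that still calls it over the bus will get an unknown-method error, and the patch offers no replacement. The diff shows changes only to `guake/dbusiface.py`, `guake/guake_app.py` and the release note, so please confirm that no other code in the tree still invokes this method through the bus, or remove that caller in the same change.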
Expand Down Expand Up @@ -193,18 +189,10 @@ def get_gtktab_name(self, tab_index=0):
def get_selected_uuidtab(self):
return self.guake.get_selected_uuidtab()

@dbus.service.method(DBUS_NAME, in_signature="ss")
def execute_command_by_uuid(self, tab_uuid, command):
self.guake.execute_command_by_uuid(tab_uuid, command)

@dbus.service.method(DBUS_NAME)
def v_split_current_terminal(self):
self.guake.get_notebook().get_current_terminal().get_parent().split_v()

@dbus.service.method(DBUS_NAME)
def h_split_current_terminal(self):
self.guake.get_notebook().get_current_terminal().get_parent().split_h()

@dbus.service.method(DBUS_NAME, in_signature="s")
def execute_command_current_termbox(self, command):
self.guake.get_notebook().get_current_terminal().execute_command(command)
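Review bot: `execute_command_current_termbox` at the end of this hunk is part of the 12 deleted lines, but the commit message mentions only `execute_command_by_uuid` and the release note names only `execute_command`. Please state in the commit message that the termbox variant is removed for the same reason, so the history records that all three command-executing D-Bus methods went away together.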
4 changes: 0 additions & 4 deletions guake/guake_app.py
Expand Up @@ -457,14 +457,11 @@ def change_palette_name(self, palette_name):
self.set_colors_from_settings()

def execute_command(self, command, tab=None):
# TODO DBUS_ONLY
"""Execute the `command' in the `tab'. If tab is None, the
command will be executed in the currently selected
tab. Command should end with '\n', otherwise it will be
appended to the string.
"""
# TODO CONTEXTMENU this has to be rewriten and only serves the
# dbus interface, maybe this should be moved to dbusinterface.py
if not self.get_notebook().has_page():
self.add_tab()
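Review bot: the comment deleted just above `if not self.get_notebook().has_page():` said this method "only serves the dbus interface", so with the D-Bus entry point removed, `execute_command` in `guake_app.py` may now have no caller at all. Either name the remaining caller in the docstring or remove the method in this change, rather than deleting only the comment that explained why it exists.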

Expand All @@ -475,7 +472,6 @@ def execute_command(self, command, tab=None):
terminal.feed_child(command)

def execute_command_by_uuid(self, tab_uuid, command):
# TODO DBUS_ONLY
"""Execute the `command' in the tab whose terminal has the `tab_uuid' uuid"""
if command[-1] != "\n":
command += "\n"
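Review bot: since `execute_command_by_uuid` is kept, the context line `if command[-1] != "\n":` raises IndexError when `command` is an empty string; `if not command.endswith("\n"):` covers that case. The commit message says the method is now orphaned, so a docstring sentence on who is expected to call it would also help the next reader decide whether it can be deleted.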
@@ -0,0 +1,3 @@
security:
- |
Fixed security Issue: Exposure of sensitive function, malicious user can arbitrary command via an execute_command d-bus method. #1796
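Review bot: the release-note sentence is missing a verb ("malicious user can arbitrary command") and names only `execute_command`, while the patch also removes `execute_command_by_uuid` and `execute_command_current_termbox` from the D-Bus interface. Suggest wording such as "a malicious user can run arbitrary commands via the execute_command D-Bus method", followed by a line listing all three removed methods so users with scripts that call them know what changed.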