Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Privilege escalation in blueman dbus API #416

Closed
anisse opened this issue Dec 18, 2015 · 3 comments
Closed

Privilege escalation in blueman dbus API #416

anisse opened this issue Dec 18, 2015 · 3 comments

Comments

@anisse
Copy link

anisse commented Dec 18, 2015

Just saw this online:
https://twitter.com/thegrugq/status/677809527882813440

Seems related to this:

eval("nc.set_dhcp_handler(%s)" % dhcp_handler)

@anisse anisse changed the title Privilege escalation in blueman DBUS API Privilege escalation in blueman dbus API Dec 18, 2015
@cschramm
Copy link
Member

On it. Thanks for reporting!

cschramm added a commit that referenced this issue Dec 18, 2015
@cschramm
Copy link
Member

Could somebody (@infirit?) please review 0e9b15d? I'll put it into master and 2-0-stable and do a 2.0.3 security release then.

@infirit
Copy link
Contributor

infirit commented Dec 18, 2015

Works for me and gets rid of eval. I did make another suggestion on the commit, either one is fine by me.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants