https://bugzilla.novell.com/show_bug.cgi?id=439058

Summary: zypper shell escape issue - potential security issue
Product: openSUSE 11.0
Version: Final
Platform: x86-64
OS/Version: openSUSE 11.0
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
AssignedTo: security-team@suse.de
ReportedBy: jnelson-suse@jamponi.net
QAContact: qa@suse.de
Found By: ---

I noticed that, while the GUI (QT Yast) tools seem to work fine, using 'zypper ref' I see this:

Error building the cache database:
repo2solv.sh '/var/cache/zypp/raw/jnelson-suse's_home_1' > '/var/cache/zypp/solv/jnelson-suse's_home_1/solv'
/usr/bin/repo2solv.sh: line 34: cd: /var/cache/zypp/raw/jnelson-suses_home_1 > /var/cache/zypp/solv/jnelson-suses_home_1/solv: No such file or directory

Skipping repository 'jnelson-suse's home' because of the above error.

Obviously there is a shell quoting issue and, furthermore, it may be possible to take advantage of this to break out of the shell.

machine:/etc/zypp/repos.d # cat jnelson-suse\'s_home_1.repo
[jnelson-suse's_home_1]
name=jnelson-suse's home
baseurl=http://download.opensuse.org/repositories/home%3a/jnelson-suse/openSUSE11.0/
path=/
type=rpm-md
enabled=1
autorefresh=1
gpgcheck=1
keeppackages=0
machine:/etc/zypp/repos.d #
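
The quoting failure in the error output above, reproduced as an added example (not zypper or libzypp code, and not part of the original report). It rebuilds the logged command line for the reporter's alias, splits it with POSIX quoting rules via Python's shlex without executing anything, and compares it with the same command built with shlex.quote(); the function names are hypothetical.

```python
import shlex

# Paths follow the layout in the report; the alias is the reporter's own.
RAW_ROOT = "/var/cache/zypp/raw"
SOLV_ROOT = "/var/cache/zypp/solv"


def naive_command(alias):
    """Wrap each path in single quotes, matching the logged command line."""
    raw = f"{RAW_ROOT}/{alias}"
    solv = f"{SOLV_ROOT}/{alias}/solv"
    return f"repo2solv.sh '{raw}' > '{solv}'"


def quoted_command(alias):
    """Same command, but each path is escaped with shlex.quote()."""
    raw = f"{RAW_ROOT}/{alias}"
    solv = f"{SOLV_ROOT}/{alias}/solv"
    return f"repo2solv.sh {shlex.quote(raw)} > {shlex.quote(solv)}"


def shell_words(command):
    """Split a command line into words using POSIX quoting rules.

    Nothing is executed. '>' appears as its own word only when it sits
    outside quotes, which shows whether the redirection survived.
    """
    return shlex.split(command)


def paths_survive(command, alias):
    """True if both paths reach the shell as single, unmodified words."""
    words = shell_words(command)
    return (f"{RAW_ROOT}/{alias}" in words
            and f"{SOLV_ROOT}/{alias}/solv" in words)


if __name__ == "__main__":
    alias = "jnelson-suse's_home_1"
    for build in (naive_command, quoted_command):
        cmd = build(alias)
        print(cmd)
        print("  words:", shell_words(cmd))
        print("  paths intact:", paths_survive(cmd, alias))
```

With the naive form, the apostrophe in the alias closes the first quote early, so the redirection and the second path are absorbed into one argument, which is the single string that the `cd` on line 34 of repo2solv.sh complains about. Passing the arguments as an argv list and opening the output file in the caller avoids the shell altogether.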