https://bugzilla.novell.com/show_bug.cgi?id=472752

Summary: Security issue in scr.execute
Classification: openSUSE
Product: openSUSE 11.1
Version: Final
Platform: Other
OS/Version: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: YaST2
AssignedTo: mvidner@novell.com
ReportedBy: schubi@novell.com
QAContact: jsrain@novell.com
CC: lnussel@novell.com
Found By: ---

scr.execute (target.bash*) uses a string for the command, with which all binaries and arguments are defined. That's fine if it runs under the user "root". Since SCR is also available via DBUS, we have to take much more care concerning the given arguments.

I have talked with the security team (Ludwig :-)) and we have come to the conclusion that we need another scr.execute call which processes an array of arguments instead of a string. So this scr.execute could use the system call which takes an array of arguments too.

Currently I am using scr.execute in this way:

    def Scr.execute(argument, environment = [])
      command = "LANG=en.UTF-8"
      environment.each do |env|
        command += " #{env}"
      end
      command += " /usr/lib/YaST2/bin/tty_wrapper "
      argument.each do |arg|
        command += " #{arg}"
      end
      # The call that runs `command` and assigns `ret` did not survive in the report.
      command += " " + if ret[0][2]["exit"][2] == 1 then "1"; else "0"; end
      return { :stdout => ret[0][2]["stdout"][2],
               :stderr => ret[0][2]["stderr"][2],
               :exit   => ret[0][2]["exit"][2] }
    end

Martin, would this be possible?

-- 
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
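The problem the report describes, as an added example that is not YaST or SCR code: the string-building pattern from the bug is run through a shell next to the argv-array call the reporter asks for, with a constructed hostile argument of the kind an unprivileged DBUS caller could supply. `echo` stands in for /usr/lib/YaST2/bin/tty_wrapper so the block runs anywhere, and the function names (`build_shell_command`, `run_via_shell`, `run_via_argv`) are mine, not SCR's. A Shellwords-quoted variant is included as the fallback for a string interface that cannot be replaced.

```ruby
# Added example, not YaST/SCR code. It contrasts the string-building pattern
# from the report with an argv-array call. `echo` stands in for
# /usr/lib/YaST2/bin/tty_wrapper (an assumption made for portability).
require "open3"
require "shellwords"

PROGRAM = "echo"

# Pattern from the report: the program and every argument are concatenated
# into one string, so whatever the caller passes is re-parsed by the shell.
def build_shell_command(argv, environment = [])
  command = "LANG=en.UTF-8"
  environment.each { |env| command += " #{env}" }
  command += " #{PROGRAM}"
  argv.each { |arg| command += " #{arg}" }
  command
end

# Fallback when a string interface cannot be changed: quote each argument so
# shell metacharacters are passed as data. Environment entries are assumed
# trusted here (quoting "FOO=bar" would turn the assignment into a plain word).
def build_quoted_command(argv, environment = [])
  words = ["LANG=en.UTF-8"] + environment + [PROGRAM] + argv.map { |a| Shellwords.escape(a) }
  words.join(" ")
end

# Execute a command string through the shell, as a target.bash_output-style
# call does. Returns the same shape as the wrapper in the report.
def run_via_shell(argv, environment = [], quote: false)
  command = quote ? build_quoted_command(argv, environment) : build_shell_command(argv, environment)
  out, err, status = Open3.capture3("/bin/sh", "-c", command)
  { stdout: out, stderr: err, exit: status.exitstatus }
end

# The proposed replacement: environment as a Hash, program and arguments as
# separate argv entries. Open3 execs the program directly, so no shell ever
# sees the argument bytes and there is nothing left to escape.
def run_via_argv(argv, environment = {})
  env = { "LANG" => "en.UTF-8" }.merge(environment)
  out, err, status = Open3.capture3(env, PROGRAM, *argv)
  { stdout: out, stderr: err, exit: status.exitstatus }
end

if __FILE__ == $PROGRAM_NAME
  hostile = "x; echo INJECTED"   # constructed argument a DBUS caller might send
  p run_via_shell([hostile])               # the injected command runs: "x\nINJECTED\n"
  p run_via_shell([hostile], quote: true)  # quoted: "x; echo INJECTED\n"
  p run_via_argv([hostile])                # argv: "x; echo INJECTED\n"
end
```

The first call shows why a root-running SCR reached over DBUS is a problem: the `;` in the argument ends the intended command and starts another one with SCR's privileges. The argv form removes the shell from the path entirely, which is the change the report asks Martin for; quoting is only a stopgap, since it still depends on every caller remembering to do it.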