WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-changelog

[Xen-changelog] [xen-unstable] Fix security vulnerability CVE-2007-4993.

To: xen-changelog@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-changelog] [xen-unstable] Fix security vulnerability CVE-2007-4993.
From: Xen patchbot-unstable <patchbot-unstable@xxxxxxxxxxxxxxxxxxx>
Date: Wed, 26 Sep 2007 03:41:35 -0700
Delivery-date: Wed, 26 Sep 2007 04:29:12 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-changelog-request@lists.xensource.com?subject=help>
List-id: BK change log <xen-changelog.lists.xensource.com>
List-post: <mailto:xen-changelog@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=unsubscribe>
Reply-to: xen-devel@xxxxxxxxxxxxxxxxxxx
Sender: xen-changelog-bounces@xxxxxxxxxxxxxxxxxxx
# HG changeset patch
# User Keir Fraser <keir@xxxxxxxxxxxxx>
# Date 1190709276 -3600
# Node ID 70bb28b62ffb01d929166a5a37129efc5445c593
# Parent  55c45361bbe32d3046e1245415dded998ce057e4
Fix security vulnerability CVE-2007-4993.

Protect pygrub from possible malicious content in guest grub
config file.  This fixes CVE-2007-4993.  Original patch from
Jeremy Katz, I updated to close 2 remaining issues pointed out
by Christian and Keir, and to use setattr(self, ...).

Signed-off-by: Chris Wright <chrisw@xxxxxxxxxxxx>
---
 tools/pygrub/src/GrubConf.py |   28 ++++++++++++++--------------
 tools/pygrub/src/LiloConf.py |   18 +++++++++---------
 2 files changed, 23 insertions(+), 23 deletions(-)

diff -r 55c45361bbe3 -r 70bb28b62ffb tools/pygrub/src/GrubConf.py
--- a/tools/pygrub/src/GrubConf.py      Tue Sep 25 09:30:00 2007 +0100
+++ b/tools/pygrub/src/GrubConf.py      Tue Sep 25 09:34:36 2007 +0100
@@ -101,7 +101,7 @@ class GrubImage(object):
 
         if self.commands.has_key(com):
             if self.commands[com] is not None:
-                exec("%s = r\"%s\"" %(self.commands[com], arg.strip()))
+                setattr(self, self.commands[com], arg.strip())
             else:
                 logging.info("Ignored image directive %s" %(com,))
         else:
@@ -142,11 +142,11 @@ class GrubImage(object):
     initrd = property(get_initrd, set_initrd)
 
     # set up command handlers
-    commands = { "title": "self.title",
-                 "root": "self.root",
-                 "rootnoverify": "self.root",
-                 "kernel": "self.kernel",
-                 "initrd": "self.initrd",
+    commands = { "title": "title",
+                 "root": "root",
+                 "rootnoverify": "root",
+                 "kernel": "kernel",
+                 "initrd": "initrd",
                  "chainloader": None,
                  "module": None}
         
@@ -195,7 +195,7 @@ class GrubConfigFile(object):
             (com, arg) = grub_exact_split(l, 2)
             if self.commands.has_key(com):
                 if self.commands[com] is not None:
-                    exec("%s = r\"%s\"" %(self.commands[com], arg.strip()))
+                    setattr(self, self.commands[com], arg.strip())
                 else:
                     logging.info("Ignored directive %s" %(com,))
             else:
@@ -208,7 +208,7 @@ class GrubConfigFile(object):
         (com, arg) = grub_exact_split(line, 2)
         if self.commands.has_key(com):
             if self.commands[com] is not None:
-                exec("%s = r\"%s\"" %(self.commands[com], arg.strip()))
+                setattr(self, self.commands[com], arg.strip())
             else:
                 logging.info("Ignored directive %s" %(com,))
         else:
@@ -236,12 +236,12 @@ class GrubConfigFile(object):
     splash = property(get_splash, set_splash)
 
     # set up command handlers
-    commands = { "default": "self.default",
-                 "timeout": "self.timeout",
-                 "fallback": "self.fallback",
-                 "hiddenmenu": "self.hiddenmenu",
-                 "splashimage": "self.splash",
-                 "password": "self.password" }
+    commands = { "default": "default",
+                 "timeout": "timeout",
+                 "fallback": "fallback",
+                 "hiddenmenu": "hiddenmenu",
+                 "splashimage": "splash",
+                 "password": "password" }
     for c in ("bootp", "color", "device", "dhcp", "hide", "ifconfig",
               "pager", "partnew", "parttype", "rarp", "serial",
               "setkey", "terminal", "terminfo", "tftpserver", "unhide"):
diff -r 55c45361bbe3 -r 70bb28b62ffb tools/pygrub/src/LiloConf.py
--- a/tools/pygrub/src/LiloConf.py      Tue Sep 25 09:30:00 2007 +0100
+++ b/tools/pygrub/src/LiloConf.py      Tue Sep 25 09:34:36 2007 +0100
@@ -31,7 +31,7 @@ class LiloImage(object):
 
         if self.commands.has_key(com):
             if self.commands[com] is not None:
-                exec("%s = r\'%s\'" %(self.commands[com], re.sub('^"(.+)"$', 
r"\1", arg.strip())))
+                setattr(self, self.commands[com], re.sub('^"(.+)"$', r"\1", 
arg.strip()))
             else:
                 logging.info("Ignored image directive %s" %(com,))
         else:
@@ -74,13 +74,13 @@ class LiloImage(object):
     readonly = property(get_readonly, set_readonly)
 
     # set up command handlers
-    commands = { "label": "self.title",
-                 "root": "self.root",
-                 "rootnoverify": "self.root",
-                 "image": "self.kernel",
-                 "initrd": "self.initrd",
-                 "append": "self.args",
-                 "read-only": "self.readonly",
+    commands = { "label": "title",
+                 "root": "root",
+                 "rootnoverify": "root",
+                 "image": "kernel",
+                 "initrd": "initrd",
+                 "append": "args",
+                 "read-only": "readonly",
                  "chainloader": None,
                  "module": None}
 
@@ -129,7 +129,7 @@ class LiloConfigFile(object):
             (com, arg) = GrubConf.grub_exact_split(l, 2)
             if self.commands.has_key(com):
                 if self.commands[com] is not None:
-                    exec("%s = r\"%s\"" %(self.commands[com], arg.strip()))
+                    setattr(self, self.commands[com], arg.strip())
                 else:
                     logging.info("Ignored directive %s" %(com,))
             else:

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog

<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-changelog] [xen-unstable] Fix security vulnerability CVE-2007-4993., Xen patchbot-unstable <=