# HG changeset patch
# User Keir Fraser <keir@xxxxxxxxxxxxx>
# Date 1190709276 -3600
# Node ID 70bb28b62ffb01d929166a5a37129efc5445c593
# Parent 55c45361bbe32d3046e1245415dded998ce057e4
Fix security vulnerability CVE-2007-4993.
Protect pygrub from possible malicious content in guest grub
config file. This fixes CVE-2007-4993. Original patch from
Jeremy Katz, I updated to close 2 remaining issues pointed out
by Christian and Keir, and to use setattr(self, ...).
Signed-off-by: Chris Wright <chrisw@xxxxxxxxxxxx>
---
tools/pygrub/src/GrubConf.py | 28 ++++++++++++++--------------
tools/pygrub/src/LiloConf.py | 18 +++++++++---------
2 files changed, 23 insertions(+), 23 deletions(-)
diff -r 55c45361bbe3 -r 70bb28b62ffb tools/pygrub/src/GrubConf.py
--- a/tools/pygrub/src/GrubConf.py Tue Sep 25 09:30:00 2007 +0100
+++ b/tools/pygrub/src/GrubConf.py Tue Sep 25 09:34:36 2007 +0100
@@ -101,7 +101,7 @@ class GrubImage(object):
if self.commands.has_key(com):
if self.commands[com] is not None:
- exec("%s = r\"%s\"" %(self.commands[com], arg.strip()))
+ setattr(self, self.commands[com], arg.strip())
else:
logging.info("Ignored image directive %s" %(com,))
else:
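Review bot: The lookup-and-assign dispatch changed here is repeated almost verbatim in both GrubConfigFile hunks and in the LiloConfigFile hunk, so a security fix like this one has to be made by hand in every copy. A single shared helper, for example `def set_directive(obj, com, arg)` that performs the `commands` lookup and the `setattr(obj, obj.commands[com], arg.strip())`, would keep the rule "the guest-supplied argument is stored as data, never evaluated" in one place. The enclosing method starts and ends outside this hunk, so the unknown-directive branch is not visible here.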
@@ -142,11 +142,11 @@ class GrubImage(object):
initrd = property(get_initrd, set_initrd)
# set up command handlers
- commands = { "title": "self.title",
- "root": "self.root",
- "rootnoverify": "self.root",
- "kernel": "self.kernel",
- "initrd": "self.initrd",
+ commands = { "title": "title",
+ "root": "root",
+ "rootnoverify": "root",
+ "kernel": "kernel",
+ "initrd": "initrd",
"chainloader": None,
"module": None}
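Review bot: The `commands` table does not document its new contract, which is that each value must be a plain attribute name on the class (or `None` for a directive that is recognised but ignored), because it is passed straight to `setattr`. I would extend the existing comment to `# directive -> attribute name passed to setattr(); None = recognised but ignored`, so a later edit does not put an expression such as `"self.title"` back into the table. The same comment fits the tables in the GrubConfigFile and LiloImage hunks. The class body continues outside this hunk.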
@@ -195,7 +195,7 @@ class GrubConfigFile(object):
(com, arg) = grub_exact_split(l, 2)
if self.commands.has_key(com):
if self.commands[com] is not None:
- exec("%s = r\"%s\"" %(self.commands[com], arg.strip()))
+ setattr(self, self.commands[com], arg.strip())
else:
logging.info("Ignored directive %s" %(com,))
else:
@@ -208,7 +208,7 @@ class GrubConfigFile(object):
(com, arg) = grub_exact_split(line, 2)
if self.commands.has_key(com):
if self.commands[com] is not None:
- exec("%s = r\"%s\"" %(self.commands[com], arg.strip()))
+ setattr(self, self.commands[com], arg.strip())
else:
logging.info("Ignored directive %s" %(com,))
else:
@@ -236,12 +236,12 @@ class GrubConfigFile(object):
splash = property(get_splash, set_splash)
# set up command handlers
- commands = { "default": "self.default",
- "timeout": "self.timeout",
- "fallback": "self.fallback",
- "hiddenmenu": "self.hiddenmenu",
- "splashimage": "self.splash",
- "password": "self.password" }
+ commands = { "default": "default",
+ "timeout": "timeout",
+ "fallback": "fallback",
+ "hiddenmenu": "hiddenmenu",
+ "splashimage": "splash",
+ "password": "password" }
for c in ("bootp", "color", "device", "dhcp", "hide", "ifconfig",
"pager", "partnew", "parttype", "rarp", "serial",
"setkey", "terminal", "terminfo", "tftpserver", "unhide"):
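Review bot: `default` and `timeout` are stored as whatever string the guest's config file supplies, since the call sites apply only `arg.strip()` before `setattr`. If consumers later treat these as numbers (not visible in this hunk), a malformed value would surface as an exception deep in the host-side tool rather than at parse time. Routing them through a validating setter, in the same way `splash = property(get_splash, set_splash)` is already wired, would reject bad input where it is read. The `for c in (...)` statement continues outside the hunk.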
diff -r 55c45361bbe3 -r 70bb28b62ffb tools/pygrub/src/LiloConf.py
--- a/tools/pygrub/src/LiloConf.py Tue Sep 25 09:30:00 2007 +0100
+++ b/tools/pygrub/src/LiloConf.py Tue Sep 25 09:34:36 2007 +0100
@@ -31,7 +31,7 @@ class LiloImage(object):
if self.commands.has_key(com):
if self.commands[com] is not None:
- exec("%s = r\'%s\'" %(self.commands[com], re.sub('^"(.+)"$',
r"\1", arg.strip())))
+ setattr(self, self.commands[com], re.sub('^"(.+)"$', r"\1",
arg.strip()))
else:
logging.info("Ignored image directive %s" %(com,))
else:
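Review bot: The quote-stripping pattern `'^"(.+)"$'` needs at least one character between the quotes, so an empty quoted argument `""` is stored with its quotes intact. If an empty value is legal for any mapped directive, `re.sub('^"(.*)"$', r"\1", arg.strip())` covers that case as well. The enclosing method starts and ends outside this hunk.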
@@ -74,13 +74,13 @@ class LiloImage(object):
readonly = property(get_readonly, set_readonly)
# set up command handlers
- commands = { "label": "self.title",
- "root": "self.root",
- "rootnoverify": "self.root",
- "image": "self.kernel",
- "initrd": "self.initrd",
- "append": "self.args",
- "read-only": "self.readonly",
+ commands = { "label": "title",
+ "root": "root",
+ "rootnoverify": "root",
+ "image": "kernel",
+ "initrd": "initrd",
+ "append": "args",
+ "read-only": "readonly",
"chainloader": None,
"module": None}
@@ -129,7 +129,7 @@ class LiloConfigFile(object):
(com, arg) = GrubConf.grub_exact_split(l, 2)
if self.commands.has_key(com):
if self.commands[com] is not None:
- exec("%s = r\"%s\"" %(self.commands[com], arg.strip()))
+ setattr(self, self.commands[com], arg.strip())
else:
logging.info("Ignored directive %s" %(com,))
else: