It was an honor to help you :-) Maybe it would be an good idea to think about 'quoting' each and every parameter before it's passed to command ? https://docs.python.org/3/library/shlex.html#shlex.quote
with best reagrds Bernd -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1410839 Title: Shell Command injection in ufw_backend.py To manage notifications about this bug go to: https://bugs.launchpad.net/gui-ufw/+bug/1410839/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
