Public bug reported:

Binary package hint: kdesudo

It is not clear whether or not this defect is in kdesudo or dolphin, but I will mark both and let you guys decide.

STEPS:
(1) In dolphin, create a folder called: "test; konqueror" (without quotes)
(2) Right click it, under Actions, choose run as root

WHAT HAPPENS:
(1) Dolphin opens folder "test" as root
(2) Konqueror, after a few seconds, pops up, running as root

EXPECTED BEHAVIOR:
Dolphin should just pop up navigated to the "test; konqueror" folder as root.

This allows folder names to be crafted in a way that causes an unexpected command to be executed with elevated privileges when the user simply wants to navigate to that folder with elevated privileges.

In IRC, fdoving and I tried various combinations of quoting the %u and kdesu arguments in /usr/share/apps/d3lphin/servicemenus/d3lphin_su.desktop but I found that every attempted workaround could be thwarted by the proper use of ", ', and `.

The basic problem is that kdesu should not be interpreting its arguments as shell code, or dolphin should be shell-escaping its arguments before feeding to kdesu.

** Affects: dolphin (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: kdesudo (Ubuntu)
     Importance: Undecided
         Status: New

** Visibility changed to: Public

** Also affects: dolphin (Ubuntu)
   Importance: Undecided
       Status: New

-- 
kdesudo+dolphin leads to command execution vulnerability
https://bugs.launchpad.net/bugs/163417
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
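A constructed, stand-alone illustration of the interpolation problem the report describes. It is added here and is not code from the report, from kdesudo/kdesu, or from Dolphin: `fake_kdesu` is a stand-in for kdesu re-parsing its command string as shell code, `dolphin` and `konqueror` are stand-in functions that only record what was invoked, and `shell_quote` is one way of doing the shell-escaping the reporter says Dolphin should perform before handing the folder name to kdesu. The folder names used are made up for the demonstration.

```shell
#!/bin/sh
# Added example (not from the bug report, kdesudo or Dolphin): shows why a
# folder name such as "test; konqueror" ends up running konqueror as root,
# and one way to escape the name before it reaches a shell-interpreting kdesu.

# Stand-in for kdesu/kdesudo: it joins its arguments into one string and
# hands that string to the shell, which is the behaviour the report objects to.
fake_kdesu() {
    eval "$*"
}

# Stand-ins for the programs that would be launched as root. They only record
# what was invoked, so nothing privileged happens when this runs.
dolphin()   { printf 'dolphin opened: %s\n' "$1"; }
konqueror() { printf 'konqueror launched\n'; }

# Roughly what a servicemenu line like  Exec=kdesu dolphin %u  amounts to once
# the folder name is substituted: the name is pasted into the command string
# unquoted, so any ; | $( ) ` or quote characters in it become shell syntax.
open_as_root_vulnerable() {
    fake_kdesu "dolphin $1"
}

# Portable single-quote escaping: wrap the string in single quotes and turn each
# embedded ' into '\'' (close quote, escaped quote, reopen). Inside single quotes
# the shell gives no meaning to ; $ ` " or backslash, so the name survives intact.
shell_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# The fix the report asks for on Dolphin's side: escape the name so the shell
# that kdesu hands it to sees a single argument, whatever characters it holds.
open_as_root_escaped() {
    fake_kdesu "dolphin $(shell_quote "$1")"
}

# Demonstration with the folder name from the report and a nastier one using
# the quote, backtick and $( ) characters the reporter says defeat naive quoting.
echo '--- unescaped: the folder name is run as shell code ---'
open_as_root_vulnerable 'test; konqueror'
echo '--- escaped: the whole name reaches dolphin as one argument ---'
open_as_root_escaped 'test; konqueror'
open_as_root_escaped 'it'"'"'s `konqueror` $(konqueror)'
```

The escaping only helps if it is applied on the Dolphin side, before the string reaches kdesu; a kdesu that re-parses its arguments as shell code will still honour any metacharacters that arrive unescaped, which is the reporter's first point. Names containing a trailing newline are the one case this simple `sed`-based quoting does not preserve exactly, since command substitution strips trailing newlines.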