Network/Ifaces.pm contains:

    # FIXME: not good to pass directly keys to processes,
    # probably the network one won't be so important
    # to keep secret to other users.
    $output = &Utils::File::run_backtick ("wpa_passphrase $essid $key");

Confirmed $key and $essid are user controllable. Checked other occurrences of run_backtick(), and arguments are not user controllable. Users/Groups.pm doesn't do checking either, blackbox testing indicates the front-end does.

** Changed in: system-tools-backends (Ubuntu)
       Status: New => Confirmed

** Visibility changed to: Public

-- 
breakage and possible execution of unsafe code with shell metacharacters
https://bugs.launchpad.net/bugs/190628
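
The run_backtick call quoted in the comment above, rewritten so that no shell parses $essid and the key is kept off the command line. This is an added example, not system-tools-backends code: wpa_passphrase_safe is a hypothetical name, and it assumes the usual WPA limits (ESSID of 1..32 bytes, passphrase of 8..63 printable ASCII characters) and that wpa_passphrase reads the passphrase from standard input when it is not given as an argument.

```perl
#!/usr/bin/perl
# Added example, not system-tools-backends code.
# wpa_passphrase_safe is a hypothetical name; the length limits are assumptions.
use strict;
use warnings;
use IPC::Open2;

sub wpa_passphrase_safe {
    my ($essid, $key) = @_;

    # Validate in the backend too, rather than relying on the front-end.
    die "invalid ESSID\n"
        unless defined $essid && $essid =~ /\A[^\0\n]{1,32}\z/;
    die "invalid key\n"
        unless defined $key && $key =~ /\A[\x20-\x7e]{8,63}\z/;

    # List form: wpa_passphrase is exec'd directly, so no /bin/sh ever
    # interprets quotes, semicolons or backticks in $essid.
    # The key is left out of argv and written to stdin instead, so it does
    # not appear in the process list (the concern in the FIXME comment).
    my $pid = open2(my $from_child, my $to_child, 'wpa_passphrase', $essid);
    print {$to_child} "$key\n";
    close $to_child;

    # Slurp the generated network block, then reap the child.
    my $output = do { local $/; <$from_child> };
    close $from_child;
    waitpid($pid, 0);
    die "wpa_passphrase exited with status " . ($? >> 8) . "\n" if $?;
    return $output;
}

# Constructed input: a legitimate ESSID whose quote and ampersand break the
# interpolated shell string, passed here as one literal argument.
print wpa_passphrase_safe("Joe's Cafe & Bar", "constructed-sample-key")
    unless caller;
```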