
[Xen-changelog] [xen-3.1-testing] Fix security vulnerability CVE-2007-49

To: xen-changelog@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-changelog] [xen-3.1-testing] Fix security vulnerability CVE-2007-4993.
From: "Xen patchbot-3.1-testing" <patchbot-3.1-testing@xxxxxxxxxxxxxxxxxxx>
Date: Thu, 27 Sep 2007 09:40:34 -0700
Delivery-date: Thu, 27 Sep 2007 09:41:12 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-changelog-request@lists.xensource.com?subject=help>
List-id: BK change log <xen-changelog.lists.xensource.com>
List-post: <mailto:xen-changelog@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=unsubscribe>
Reply-to: xen-devel@xxxxxxxxxxxxxxxxxxx
Sender: xen-changelog-bounces@xxxxxxxxxxxxxxxxxxx
# HG changeset patch
# User Keir Fraser <keir@xxxxxxxxxxxxx>
# Date 1190709614 -3600
# Node ID e441bb07066c826bd74b057768cfa916f558ceec
# Parent  02a3eb16f695503c5355885aecb07b32f58db41e
Fix security vulnerability CVE-2007-4993.

Protect pygrub from possible malicious content in guest grub
config file.  This fixes CVE-2007-4993.  Original patch from
Jeremy Katz, I updated to close 2 remaining issues pointed out
by Christian and Keir, and to use setattr(self, ...).

Signed-off-by: Chris Wright <chrisw@xxxxxxxxxxxx>
xen-unstable changeset:   15953:70bb28b62ffb01d929166a5a37129efc5445c593
xen-unstable date:        Tue Sep 25 09:34:36 2007 +0100
---
 tools/pygrub/src/GrubConf.py |   28 ++++++++++++++--------------
 tools/pygrub/src/LiloConf.py |   16 ++++++++--------
 2 files changed, 22 insertions(+), 22 deletions(-)

diff -r 02a3eb16f695 -r e441bb07066c tools/pygrub/src/GrubConf.py
--- a/tools/pygrub/src/GrubConf.py      Mon Sep 24 21:50:00 2007 +0100
+++ b/tools/pygrub/src/GrubConf.py      Tue Sep 25 09:40:14 2007 +0100
@@ -101,7 +101,7 @@ class GrubImage(object):
 
         if self.commands.has_key(com):
             if self.commands[com] is not None:
-                exec("%s = r\"%s\"" %(self.commands[com], arg.strip()))
+                setattr(self, self.commands[com], arg.strip())
             else:
                 logging.info("Ignored image directive %s" %(com,))
         else:
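Review bot: The `setattr` on the new side is safe only because its attribute name is read from the class-level `commands` table, so the guest's file can influence the value but not the name, and nothing at the call site says so. I would add a comment above it, for example `# arg is guest-controlled text: store it as data, never build code from it`, and repeat it at the matching `setattr` lines in `GrubConfigFile` and in both LiloConf.py classes. The diffstat lists only the two parser files, so a regression test that feeds the parsers a value containing a double quote would be worth adding with this fix. The enclosing method starts and ends outside this hunk.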
@@ -142,11 +142,11 @@ class GrubImage(object):
     initrd = property(get_initrd, set_initrd)
 
     # set up command handlers
-    commands = { "title": "self.title",
-                 "root": "self.root",
-                 "rootnoverify": "self.root",
-                 "kernel": "self.kernel",
-                 "initrd": "self.initrd",
+    commands = { "title": "title",
+                 "root": "root",
+                 "rootnoverify": "root",
+                 "kernel": "kernel",
+                 "initrd": "initrd",
                  "chainloader": None,
                  "module": None}
         
@@ -195,7 +195,7 @@ class GrubConfigFile(object):
             (com, arg) = grub_exact_split(l, 2)
             if self.commands.has_key(com):
                 if self.commands[com] is not None:
-                    exec("%s = r\"%s\"" %(self.commands[com], arg.strip()))
+                    setattr(self, self.commands[com], arg.strip())
                 else:
                     logging.info("Ignored directive %s" %(com,))
             else:
@@ -208,7 +208,7 @@ class GrubConfigFile(object):
         (com, arg) = grub_exact_split(line, 2)
         if self.commands.has_key(com):
             if self.commands[com] is not None:
-                exec("%s = r\"%s\"" %(self.commands[com], arg.strip()))
+                setattr(self, self.commands[com], arg.strip())
             else:
                 logging.info("Ignored directive %s" %(com,))
         else:
@@ -236,12 +236,12 @@ class GrubConfigFile(object):
     splash = property(get_splash, set_splash)
 
     # set up command handlers
-    commands = { "default": "self.default",
-                 "timeout": "self.timeout",
-                 "fallback": "self.fallback",
-                 "hiddenmenu": "self.hiddenmenu",
-                 "splashimage": "self.splash",
-                 "password": "self.password" }
+    commands = { "default": "default",
+                 "timeout": "timeout",
+                 "fallback": "fallback",
+                 "hiddenmenu": "hiddenmenu",
+                 "splashimage": "splash",
+                 "password": "password" }
     for c in ("bootp", "color", "device", "dhcp", "hide", "ifconfig",
               "pager", "partnew", "parttype", "rarp", "serial",
               "setkey", "terminal", "terminfo", "tftpserver", "unhide"):
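Review bot: The values in this table are now the names `setattr` assigns to, and `splashimage` maps to `splash`, which the context line above shows is a property, so the guest-supplied string is still handed to `set_splash`. That setter is outside the hunk; it should be checked that it only stores or parses the text. I would also extend the existing comment to state the invariant, e.g. `# values are literal attribute/property names used with setattr(); never derive them from the config file`. The `initrd` entries in the `GrubImage` and `LiloImage` tables go through a property in the same way.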
diff -r 02a3eb16f695 -r e441bb07066c tools/pygrub/src/LiloConf.py
--- a/tools/pygrub/src/LiloConf.py      Mon Sep 24 21:50:00 2007 +0100
+++ b/tools/pygrub/src/LiloConf.py      Tue Sep 25 09:40:14 2007 +0100
@@ -30,7 +30,7 @@ class LiloImage(object):
 
         if self.commands.has_key(com):
             if self.commands[com] is not None:
-                exec("%s = r\'%s\'" %(self.commands[com], re.sub('^"(.+)"$', 
r"\1", arg.strip())))
+                setattr(self, self.commands[com], re.sub('^"(.+)"$', r"\1", 
arg.strip()))
             else:
                 logging.info("Ignored image directive %s" %(com,))
         else:
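Review bot: The quote-stripping pattern `'^"(.+)"$'` carried into the new `setattr` line needs at least one character between the quotes, so an empty quoted value such as `""` would be stored with its quotes intact. If empty quoted values can occur in a lilo.conf image section, which this hunk does not show, `(.*)` in place of `(.+)` would handle them. The method body starts and ends outside this hunk.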
@@ -56,12 +56,12 @@ class LiloImage(object):
     initrd = property(get_initrd, set_initrd)
 
     # set up command handlers
-    commands = { "label": "self.title",
-                 "root": "self.root",
-                 "rootnoverify": "self.root",
-                 "image": "self.kernel",
-                 "initrd": "self.initrd",
-                 "append": "self.args",
+    commands = { "label": "title",
+                 "root": "root",
+                 "rootnoverify": "root",
+                 "image": "kernel",
+                 "initrd": "initrd",
+                 "append": "args",
                  "read-only": None,
                  "chainloader": None,
                  "module": None}
@@ -111,7 +111,7 @@ class LiloConfigFile(object):
             (com, arg) = GrubConf.grub_exact_split(l, 2)
             if self.commands.has_key(com):
                 if self.commands[com] is not None:
-                    exec("%s = r\"%s\"" %(self.commands[com], arg.strip()))
+                    setattr(self, self.commands[com], arg.strip())
                 else:
                     logging.info("Ignored directive %s" %(com,))
             else:
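Review bot: This `setattr` stores `arg.strip()` as-is, while the `LiloImage` hunk above first strips one pair of surrounding double quotes with `re.sub`, so a quoted global option would keep its quotes here. If that difference is not intended, applying the same normalisation, `setattr(self, self.commands[com], re.sub('^"(.+)"$', r"\1", arg.strip()))`, or a small shared helper, would keep the two classes consistent. The loop this line sits in starts outside the hunk.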
