authorKeir Fraser <keir@xensource.com>2007-09-25 09:34:36 +0100
committerKeir Fraser <keir@xensource.com>2007-09-25 09:34:36 +0100
commitadbda3b6daadbb9b5d542432a7767d6a172b56dd (patch)
tree776b61eb5c180a42ac1e4728facabc05bac79a7a /tools/pygrub/src/GrubConf.py
parent44e7c3aa10557fd10f9125ea1d1fc324cb4dc8bd (diff)
Fix security vulnerability CVE-2007-4993.
Protect pygrub from possible malicious content in guest grub config file. This fixes CVE-2007-4993. Original patch from Jeremy Katz, I updated to close 2 remaining issues pointed out by Christian and Keir, and to use setattr(self, ...). Signed-off-by: Chris Wright <chrisw@sous-sol.org>
Diffstat (limited to 'tools/pygrub/src/GrubConf.py')
-rw-r--r--tools/pygrub/src/GrubConf.py28
1 files changed, 14 insertions, 14 deletions
diff --git a/tools/pygrub/src/GrubConf.py b/tools/pygrub/src/GrubConf.py
index d4c3c79ccf..2192be6522 100644
--- a/tools/pygrub/src/GrubConf.py
+++ b/tools/pygrub/src/GrubConf.py
@@ -101,7 +101,7 @@ class GrubImage(object):
if self.commands.has_key(com):
if self.commands[com] is not None:
- exec("%s = r\"%s\"" %(self.commands[com], arg.strip()))
+ setattr(self, self.commands[com], arg.strip())
else:
logging.info("Ignored image directive %s" %(com,))
else:
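Review bot: The same four-line dispatch now appears three times (here in GrubImage and twice in GrubConfigFile, in the hunks at -195 and -208), so the exec() removal had to be repeated in each copy and a later edit could let them diverge again; a small shared helper such as `def _apply_directive(obj, com, arg): setattr(obj, obj.commands[com], arg.strip())` would leave one place to audit. With setattr the guest-supplied `arg` is only stored as a string and the attribute name comes from the class-level `commands` table, so the safety of this path now rests on that table holding plain attribute names. The diffstat shown is limited to this file, so I cannot tell whether a regression test accompanies the change; a case that feeds a value containing quote characters and asserts it is stored verbatim would pin the fix. The enclosing method starts and ends outside the hunk.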
@@ -142,11 +142,11 @@ class GrubImage(object):
initrd = property(get_initrd, set_initrd)
# set up command handlers
- commands = { "title": "self.title",
- "root": "self.root",
- "rootnoverify": "self.root",
- "kernel": "self.kernel",
- "initrd": "self.initrd",
+ commands = { "title": "title",
+ "root": "root",
+ "rootnoverify": "root",
+ "kernel": "kernel",
+ "initrd": "initrd",
"chainloader": None,
"module": None}
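Review bot: The comment `# set up command handlers` above this table no longer describes it well, because the values are now attribute names handed to `setattr()` and that is the property the fix depends on. I would replace it with `# directive -> attribute name assigned via setattr(); None = recognised but ignored; never an expression`. At least `initrd` is a property (`initrd = property(get_initrd, set_initrd)` is visible just above), so the guest-supplied string reaches setter code that lies outside this hunk and presumably has to keep treating it as data. The same comment would fit the GrubConfigFile table in the last hunk.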
@@ -195,7 +195,7 @@ class GrubConfigFile(object):
(com, arg) = grub_exact_split(l, 2)
if self.commands.has_key(com):
if self.commands[com] is not None:
- exec("%s = r\"%s\"" %(self.commands[com], arg.strip()))
+ setattr(self, self.commands[com], arg.strip())
else:
logging.info("Ignored directive %s" %(com,))
else:
@@ -208,7 +208,7 @@ class GrubConfigFile(object):
(com, arg) = grub_exact_split(line, 2)
if self.commands.has_key(com):
if self.commands[com] is not None:
- exec("%s = r\"%s\"" %(self.commands[com], arg.strip()))
+ setattr(self, self.commands[com], arg.strip())
else:
logging.info("Ignored directive %s" %(com,))
else:
@@ -236,12 +236,12 @@ class GrubConfigFile(object):
splash = property(get_splash, set_splash)
# set up command handlers
- commands = { "default": "self.default",
- "timeout": "self.timeout",
- "fallback": "self.fallback",
- "hiddenmenu": "self.hiddenmenu",
- "splashimage": "self.splash",
- "password": "self.password" }
+ commands = { "default": "default",
+ "timeout": "timeout",
+ "fallback": "fallback",
+ "hiddenmenu": "hiddenmenu",
+ "splashimage": "splash",
+ "password": "password" }
for c in ("bootp", "color", "device", "dhcp", "hide", "ifconfig",
"pager", "partnew", "parttype", "rarp", "serial",
"setkey", "terminal", "terminfo", "tftpserver", "unhide"):