author | Keir Fraser <keir@xensource.com> | 2007-09-25 09:34:36 +0100 |
---|---|---|
committer | Keir Fraser <keir@xensource.com> | 2007-09-25 09:34:36 +0100 |
commit | adbda3b6daadbb9b5d542432a7767d6a172b56dd (patch) | |
tree | 776b61eb5c180a42ac1e4728facabc05bac79a7a /tools/pygrub/src/LiloConf.py | |
parent | 44e7c3aa10557fd10f9125ea1d1fc324cb4dc8bd (diff) | |
download | xen-adbda3b6daadbb9b5d542432a7767d6a172b56dd.tar.gz xen-adbda3b6daadbb9b5d542432a7767d6a172b56dd.tar.bz2 xen-adbda3b6daadbb9b5d542432a7767d6a172b56dd.zip |
Fix security vulnerability CVE-2007-4993.
Protect pygrub from possible malicious content in guest grub
config file. This fixes CVE-2007-4993. Original patch from
Jeremy Katz, I updated to close 2 remaining issues pointed out
by Christian and Keir, and to use setattr(self, ...).
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
Diffstat (limited to 'tools/pygrub/src/LiloConf.py')
-rw-r--r-- | tools/pygrub/src/LiloConf.py | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/tools/pygrub/src/LiloConf.py b/tools/pygrub/src/LiloConf.py
index 2dde05825a..deb94998b9 100644
--- a/tools/pygrub/src/LiloConf.py
+++ b/tools/pygrub/src/LiloConf.py
@@ -31,7 +31,7 @@ class LiloImage(object):
 if self.commands.has_key(com):
 if self.commands[com] is not None:
- exec("%s = r\'%s\'" %(self.commands[com], re.sub('^"(.+)"$', r"\1", arg.strip())))
+ setattr(self, self.commands[com], re.sub('^"(.+)"$', r"\1", arg.strip()))
 else:
 logging.info("Ignored image directive %s" %(com,))
 else:
@@ -74,13 +74,13 @@ class LiloImage(object):
 readonly = property(get_readonly, set_readonly)
 # set up command handlers
- commands = { "label": "self.title",
- "root": "self.root",
- "rootnoverify": "self.root",
- "image": "self.kernel",
- "initrd": "self.initrd",
- "append": "self.args",
- "read-only": "self.readonly",
+ commands = { "label": "title",
+ "root": "root",
+ "rootnoverify": "root",
+ "image": "kernel",
+ "initrd": "initrd",
+ "append": "args",
+ "read-only": "readonly",
 "chainloader": None,
 "module": None}
@@ -129,7 +129,7 @@ class LiloConfigFile(object):
 (com, arg) = GrubConf.grub_exact_split(l, 2)
 if self.commands.has_key(com):
 if self.commands[com] is not None:
- exec("%s = r\"%s\"" %(self.commands[com], arg.strip()))
+ setattr(self, self.commands[com], arg.strip())
 else:
 logging.info("Ignored directive %s" %(com,))
 else: |
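Review bot: The value handed to `setattr` in the `LiloImage` hunk is still text taken from the guest's config file, stored verbatim apart from the quote stripping, and the new line carries no comment saying so. Because this line replaced an `exec` over the same data, a short comment such as `# arg is guest-controlled: keep it as plain data, never exec/eval it or format it into code` would help stop the old pattern from coming back; the same comment fits the `setattr` line in the `LiloConfigFile` hunk. That second hunk also stores `arg.strip()` without the `re.sub('^"(.+)"$', ...)` unquoting used here, so a quoted global value presumably keeps its quote characters, which is worth confirming as intended. Both enclosing methods begin outside their hunks.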
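Review bot: The `commands` table in `LiloImage` is now the allow-list of attribute names that a guest directive may set through `setattr`, yet the comment above it still reads only `# set up command handlers`. I would expand it to something like `# directive -> attribute name applied with setattr(); None = recognised but ignored. Values must stay fixed literals, never derived from the config file.` The `"read-only"` entry resolves to the `readonly` property, so `set_readonly` receives the raw guest string; its body is outside this hunk, so whether it validates that value cannot be checked from here.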