authorKeir Fraser <keir@xensource.com>2007-09-25 09:34:36 +0100
committerKeir Fraser <keir@xensource.com>2007-09-25 09:34:36 +0100
commitadbda3b6daadbb9b5d542432a7767d6a172b56dd (patch)
tree776b61eb5c180a42ac1e4728facabc05bac79a7a /tools/pygrub/src/LiloConf.py
parent44e7c3aa10557fd10f9125ea1d1fc324cb4dc8bd (diff)
Fix security vulnerability CVE-2007-4993.
Protect pygrub from possible malicious content in guest grub config file. This fixes CVE-2007-4993. Original patch from Jeremy Katz, I updated to close 2 remaining issues pointed out by Christian and Keir, and to use setattr(self, ...). Signed-off-by: Chris Wright <chrisw@sous-sol.org>
Diffstat (limited to 'tools/pygrub/src/LiloConf.py')
-rw-r--r--tools/pygrub/src/LiloConf.py18
1 files changed, 9 insertions, 9 deletions
diff --git a/tools/pygrub/src/LiloConf.py b/tools/pygrub/src/LiloConf.py
index 2dde05825a..deb94998b9 100644
--- a/tools/pygrub/src/LiloConf.py
+++ b/tools/pygrub/src/LiloConf.py
@@ -31,7 +31,7 @@ class LiloImage(object):
if self.commands.has_key(com):
if self.commands[com] is not None:
- exec("%s = r\'%s\'" %(self.commands[com], re.sub('^"(.+)"$', r"\1", arg.strip())))
+ setattr(self, self.commands[com], re.sub('^"(.+)"$', r"\1", arg.strip()))
else:
logging.info("Ignored image directive %s" %(com,))
else:
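Review bot: The new `setattr` call in LiloImage's line parser carries no comment saying why the value is assigned rather than evaluated, even though `arg` is text read from the guest's own config file. I would add above it `# arg is guest-controlled config text: store it as data, never build code from it`, so a later cleanup does not bring `exec` back. The stored string is still untrusted after this change, so whatever consumes `kernel`, `initrd` and `args` (outside this diff) should presumably keep treating it that way. The enclosing method starts before this hunk and continues past its last `else:`.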
@@ -74,13 +74,13 @@ class LiloImage(object):
readonly = property(get_readonly, set_readonly)
# set up command handlers
- commands = { "label": "self.title",
- "root": "self.root",
- "rootnoverify": "self.root",
- "image": "self.kernel",
- "initrd": "self.initrd",
- "append": "self.args",
- "read-only": "self.readonly",
+ commands = { "label": "title",
+ "root": "root",
+ "rootnoverify": "root",
+ "image": "kernel",
+ "initrd": "initrd",
+ "append": "args",
+ "read-only": "readonly",
"chainloader": None,
"module": None}
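Review bot: The comment `# set up command handlers` above `commands` no longer describes the table, whose values are now attribute names handed to `setattr` rather than code fragments. I would replace it with `# directive -> attribute assigned via setattr(); None = recognised but ignored`. Because the keys are matched against directives from the guest's config, stating that only the names listed here are ever assigned makes the allow-list intent explicit. Note that `readonly` is a property, so that entry is routed through `set_readonly`, whose body is not part of this hunk.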
@@ -129,7 +129,7 @@ class LiloConfigFile(object):
(com, arg) = GrubConf.grub_exact_split(l, 2)
if self.commands.has_key(com):
if self.commands[com] is not None:
- exec("%s = r\"%s\"" %(self.commands[com], arg.strip()))
+ setattr(self, self.commands[com], arg.strip())
else:
logging.info("Ignored directive %s" %(com,))
else:
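Review bot: `setattr(self, self.commands[com], arg.strip())` in LiloConfigFile only works if that class's own `commands` table holds bare attribute names, and this diff rewrites the table in LiloImage only; the diffstat's 9 changed lines are fully accounted for by the three hunks shown. If LiloConfigFile.commands still maps directives to strings of the form `"self.<attr>"` (it is not visible here, so please confirm), the call would create an attribute whose name literally includes the `self.` prefix and the intended attribute would silently keep its previous value. Its entries should be changed the same way as in LiloImage, `"<directive>": "<attr>"` instead of `"<directive>": "self.<attr>"`. The enclosing method starts before this hunk and continues after the final `else:`.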