bug-gnustep

[bug #34490] -[NSWorkspace open*] native system integration


From: Eric Wasylishen
Subject: [bug #34490] -[NSWorkspace open*] native system integration
Date: Sat, 22 Oct 2011 21:02:57 +0000
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2) AppleWebKit/534.51.22 (KHTML, like Gecko) Version/5.1.1 Safari/534.51.22

Follow-up Comment #12, bug #34490 (project gnustep):

ShellExecuteW() sounds like the right choice on win32 to me.

regarding system(), I think the main problem is format string vulnerability…
i.e. a malicious user sends you a file with a specially-constructed filename
and tells you to open it, and the shell ends up executing a code snippet in
the filename.

for fun, here is an example with an evil filename which deletes a file called
test.xxx in the current directory (you can actually create a file with that
name, at least on os x):

#include <stdlib.h>
#include <stdio.h>

/* Deliberately unsafe: the file name is pasted into a shell command line. */
void innocent_open_file(char *file)
{
        char buf[1024];
        snprintf(buf, sizeof(buf), "echo '%s'", file);

        printf("calling system(\"%s\");\n", buf);
        system(buf);
}

int main(int argc, const char **argv)
{
        char *evilfilename = "deleting file...'; rm test.xxx; echo 'done.";
        innocent_open_file(evilfilename);
        return 0;
}


    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?34490>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/
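
For contrast with the system() call in the message above, here is an added example (not part of the original message and not GNUstep code) that starts the program directly with posix_spawnp(), so the file name is one argv element and no shell parses it. The helper names open_file_no_shell and marker_survives, the /tmp marker path and the use of echo as a stand-in opener are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <spawn.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

extern char **environ;

/* Hypothetical helper: run `echo <file>` with no shell in between, so
 * quotes and semicolons in the name are plain bytes, not shell syntax. */
int open_file_no_shell(const char *file)
{
        char *argv[] = { "echo", (char *)file, NULL };
        pid_t pid;
        int status;
        if (posix_spawnp(&pid, "echo", NULL, NULL, argv, environ) != 0)
                return -1;
        if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
                return -1;
        return WEXITSTATUS(status);
}

/* Constructed check: embed a marker file's path in a name shaped like the
 * one in the message. Returns 1 if the marker survives, 0 if not, -1 on error. */
int marker_survives(void)
{
        char marker[] = "/tmp/nsws_demo_XXXXXX";
        char name[256];
        int fd = mkstemp(marker), survived;
        if (fd < 0)
                return -1;
        close(fd);
        snprintf(name, sizeof(name),
                 "deleting file...'; rm %s; echo 'done.", marker);
        if (open_file_no_shell(name) != 0) {
                unlink(marker);
                return -1;
        }
        survived = (access(marker, F_OK) == 0);
        unlink(marker);
        return survived;
}

int main(void)
{
        return marker_survives() == 1 ? 0 : 1;
}
```

Run as written, echo prints the whole file name, quotes and semicolons included, and the marker file is still present afterwards.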



