Bug#513419: nautilus-python: CVE-2009-0317 untrusted search path vulnerability

Thu, 29 Jan 2009 01:23:15 -0800 

Hey *,

On Wed, 28 Jan 2009 23:12:16 +0100 Nico Golde wrote:

> CVE-2009-0317[0]:
> | Untrusted search path vulnerability in the Python language bindings
> | for Nautilus (nautilus-python) allows local users to execute arbitrary
> | code via a Trojan horse Python file in the current working directory,
> | related to a vulnerability in the PySys_SetArgv function
> | (CVE-2008-5983).
> 
> To fix this you need to patch src/nautilus-python.c in the 
> same way as 
> http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;filename=CVE-2009-0318.patch;att=1;bug=513418
> should be sufficient.

Attached is a patch against current version of nautilus-python in
testing/unstable that fixes the issue.
I also attach a patch against 0.5.0 in experimental, but this one is
untested.

Regards
Evgeni

-- 
Bruce Schneier Fact Number 37:
Bruce Schneier's public and private keys are known as "Law" and "Order."

--- nautilus-python-0.5.0/src/nautilus-python.c	2008-01-11 12:26:55.000000000 +0100
+++ nautilus-python-0.5.0/src/nautilus-python.c.new	2009-01-29 10:16:13.000000000 +0100
@@ -223,6 +223,8 @@
 		return FALSE;
 	}
 
+	PyRun_SimpleString("import sys; sys.path = filter(None, sys.path)");
+
 	/* pygtk.require("2.0") */
 	debug("pygtk.require(\"2.0\")");
 	pygtk = PyImport_ImportModule("pygtk");

diff -u nautilus-python-0.4.3/debian/changelog nautilus-python-0.4.3/debian/changelog
--- nautilus-python-0.4.3/debian/changelog
+++ nautilus-python-0.4.3/debian/changelog
@@ -1,3 +1,11 @@
+nautilus-python (0.4.3-3.2) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * Fix CVE-2009-0317: untrusted search path vulnerability.
+    Closes: #513419
+
+ -- Evgeni Golov <sarge...@die-welt.net>  Thu, 29 Jan 2009 09:47:39 +0100
+
 nautilus-python (0.4.3-3.1) unstable; urgency=low
 
   * Non-maintainer upload, ACKed by maintainer.
only in patch2:
unchanged:
--- nautilus-python-0.4.3.orig/debian/patches/50_CVE-2009-0317_untrusted_search_path_vulnerability.patch
+++ nautilus-python-0.4.3/debian/patches/50_CVE-2009-0317_untrusted_search_path_vulnerability.patch
@@ -0,0 +1,10 @@
+--- a/src/nautilus-python.c	2006-02-15 22:25:20.000000000 +0100
++++ b/src/nautilus-python.c	2009-01-29 09:46:13.000000000 +0100
+@@ -134,6 +134,7 @@
+ 
+ 	Py_Initialize();
+ 	PySys_SetArgv(1, argv);
++	PyRun_SimpleString("import sys; sys.path = filter(None, sys.path)");
+ 
+ 	/* pygtk.require("2.0") */
+ 	pygtk = PyImport_ImportModule("pygtk");

Attachment: pgpEPkE63VgNH.pgp
Description: PGP signature

Reply via email to