Fix CVE-2012-2095: local privilege escalation, setting arbitrary pre/post-connection scripts

2026-01-08 14:54:15 +01:00 · 2012-04-11 22:31:07 +02:00
parent 21764c7846
commit 2607442312
1 changed files with 49 additions and 8 deletions
--- a/wicd/wicd-daemon.py
+++ b/wicd/wicd-daemon.py
@@ -946,6 +946,28 @@ class WirelessDaemon(dbus.service.Object):
        self.LastScan = []
        self.config = ConfigManager(wireless_conf, debug=debug)

+        self._validProperties = (
+            'bssid',
+            'essid',
+            'hidden',
+            'channel',
+            'mode',
+            'enctype',
+            'encryption_method',
+            'key',
+            'automatic',
+            'ip',
+            'netmask',
+            'broadcast',
+            'gateway',
+            'use_static_dns',
+            'use_global_dns',
+            'dns1',
+            'dns2',
+            'dns3',
+            'use_settings_globally',
+        )
+
    def get_debug_mode(self):
        return self._debug_mode
    def set_debug_mode(self, mode):
@@ -1064,9 +1086,9 @@ class WirelessDaemon(dbus.service.Object):
    def SetWirelessProperty(self, netid, prop, value):
        """ Sets property to value in network specified. """
        # We don't write script settings here.
-        if (prop.strip()).endswith("script"):
-            print "Setting script properties through the daemon is not" \
-                  + " permitted."
+        if prop.strip() not in self._validProperties:
+            print "Trying to set invalid property (or property not " \
+                  "permitted): "+ prop.strip() + "."
            return False
        self.LastScan[netid][prop] = misc.to_unicode(misc.Noneify(value))

@@ -1355,6 +1377,25 @@ class WiredDaemon(dbus.service.Object):
        self.WiredNetwork = {}
        self.config = ConfigManager(wired_conf, debug=debug)

+        self._validProperties = (
+            'ip',
+            'broadcast',
+            'netmask',
+            'gateway',
+            'search_domain',
+            'dns_domain',
+            'dns1',
+            'dns2',
+            'dns3',
+            'encryption_enabled',
+            'default',
+            'dhcphostname',
+            'lastused',
+            'profilename',
+            'use_global_dns',
+            'use_static_dns',
+        )
+
    def get_debug_mode(self):
        return self._debug_mode
    def set_debug_mode(self, mode):
@@ -1403,14 +1444,14 @@ class WiredDaemon(dbus.service.Object):
        return str(iface)

    @dbus.service.method('org.wicd.daemon.wired')
-    def SetWiredProperty(self, property, value):
+    def SetWiredProperty(self, prop, value):
        """ Sets the given property to the given value. """
        if self.WiredNetwork:
-            if (property.strip()).endswith("script"):
-                print "Setting script properties through the daemon" \
-                      + " is not permitted."
+            if prop.strip() not in self._validProperties:
+                print "Trying to set invalid property (or property not " \
+                      "permitted): "+ prop.strip() + "."
                return False
-            self.WiredNetwork[property] = misc.to_unicode(misc.Noneify(value))
+            self.WiredNetwork[prop] = misc.to_unicode(misc.Noneify(value))
            return True
        else:
            print 'SetWiredProperty: WiredNetwork does not exist'