gryf/wicd
1
0
Fork 0
mirror of https://github.com/gryf/wicd.git synced 2025-12-19 12:28:08 +01:00
Code Issues Projects Releases Wiki Activity

Really fix the privilege escalation in a better way

Browse Source
This commit is contained in:
David Paleino
2012-04-30 21:20:47 +02:00
parent c4bf598566
commit ac26e3cc54
2 changed files with 10 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
wicd/misc.py
View File

@@ -26,6 +26,7 @@ import os
import locale import locale
import sys import sys
import re import re
import string
import gobject import gobject
from threading import Thread from threading import Thread
from subprocess import Popen, STDOUT, PIPE, call from subprocess import Popen, STDOUT, PIPE, call
@@ -427,11 +428,9 @@ def noneToString(text):
def sanitize_config(s): def sanitize_config(s):
""" Sanitize property names to be used in config-files. """ """ Sanitize property names to be used in config-files. """
s = s.strip() allowed = string.ascii_letters + '_' + string.digits
s = s.replace('=', '') table = string.maketrans(allowed, ' ' * len(allowed))
s = s.replace(' ', '') return s.translate(None, table)
s = s.replace('\n', '')
return s
def sanitize_escaped(s): def sanitize_escaped(s):
""" Sanitize double-escaped unicode strings. """ """ Sanitize double-escaped unicode strings. """

9
wicd/wicd-daemon.py
View File

@@ -1064,7 +1064,8 @@ class WirelessDaemon(dbus.service.Object):
def SetWirelessProperty(self, netid, prop, value): def SetWirelessProperty(self, netid, prop, value):
""" Sets property to value in network specified. """ """ Sets property to value in network specified. """
# We don't write script settings here. # We don't write script settings here.
if misc.sanitize_config(prop).endswith('script'): prop = misc.sanitize_config(prop)
if prop.endswith('script'):
print 'Setting script properties through the daemon' \ print 'Setting script properties through the daemon' \
+ ' is not permitted.' + ' is not permitted.'
return False return False
@@ -1264,7 +1265,8 @@ class WirelessDaemon(dbus.service.Object):
@dbus.service.method('org.wicd.daemon.wireless') @dbus.service.method('org.wicd.daemon.wireless')
def SaveWirelessNetworkProperty(self, id, option): def SaveWirelessNetworkProperty(self, id, option):
""" Writes a particular wireless property to disk. """ """ Writes a particular wireless property to disk. """
if (option.strip()).endswith("script"): option = misc.sanitize_config(option)
if option.endswith("script"):
print 'You cannot save script information to disk through ' + \ print 'You cannot save script information to disk through ' + \
'the daemon.' 'the daemon.'
return return
@@ -1406,7 +1408,8 @@ class WiredDaemon(dbus.service.Object):
def SetWiredProperty(self, prop, value): def SetWiredProperty(self, prop, value):
""" Sets the given property to the given value. """ """ Sets the given property to the given value. """
if self.WiredNetwork: if self.WiredNetwork:
if misc.sanitize_config(prop).endswith('script'): prop = misc.sanitize_config(prop)
if prop.endswith('script'):
print 'Setting script properties through the daemon' \ print 'Setting script properties through the daemon' \
+ ' is not permitted.' + ' is not permitted.'
return False return False