lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20031015190113.GA1884@satellite.workgroup.fr>
From: eguaj at free.fr (Jérôme Augé)
Subject: Gaim festival plugin exploit

On Wed, Oct 15, 2003 at 05:29:55PM +0200, error wrote:
> 
> So a fixed version would look like this:
> 
> AIM::register("Festival TTS", "0.0.1", "goodbye", "");
> AIM::print("Perl Says", "Loaded Festival TTS");
> AIM::command("idle", "60000") if ($pro ne "Offline");
> AIM::add_event_handler("event_im_recv", "synthesize");
> 
> sub goodbye {
> 	AIM::print("Module Unloaded", "Unloaded Festival TTS");
> }
> 
> sub synthesize {
>     my $string = $_[0];
>     $string =~ s/\<.*?\>//g;
>     $string =~ s/\".*\"//;
>     $string =~ s/[^\w]//g;
>     system("echo \"$string\" | /usr/bin/festival --tts");
> }
> 

Removing all the non-word characters is of course effective, but it 's a
little bit ? restrictive ? no ?

A less ? restrictive ? but still ? secure ? way might be to not use the
system() function at all :
  
  open(FESTIVAL, "|-", "/usr/bin/festival --tts");
  print FESTIVAL "$string\n";
  close FESTIVAL;

That way you keep your original message intact with the punctuation
characters, and you are immune to shell code injection... and ban this
system() call with only one argument :)

Regards,
J?r?me

-- 
"Res publica non dominetur"


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ