[pkg-fgfs-crew] Bug#780712: flightgear: permissive file access allowed from nasal
Markus Wanner
markus at bluegap.ch
Wed Mar 18 09:20:05 UTC 2015
Package: flightgear
Version: 3.0.0-1
Severity: grave
Tags: security
Upstream has reported two related security issues in how FlightGear
restricts what files Nasal (its built-in scripting language for
aircraft) can access.
This bug is tracking the portion related to the flightgear source package:
-fgValidatePath uses a property listener to do the checking, and while
io.nas blocks direct removal of that listener, this can be bypassed by
deleting the entire property node.
Effect: Can read or write any file as the user (= arbitrary code execution).
Fix: flightgear 6a30e7086ea2f1a060dd77dab6e7e8a15b43e82d
Regards
Markus Wanner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1513 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-fgfs-crew/attachments/20150318/58419ab5/attachment.sig>
More information about the pkg-fgfs-crew
mailing list