Univention Bugzilla – Bug 41736
UMC-client executes code
Last modified: 2021-06-23 07:29:12 CEST
umc-command -o "__import__('os').system('touch /tmp/hacked'):foo=bar" -n
umc-command -e -o "__import__('os').system('touch /tmp/hacked')" -n

As we use this script in various places with arguments from user input, we should not allow code execution.
Replace eval() by ast.literal_eval().

univention-management-console.yaml: r70940 | YAML Bug #41736
univention-management-console (8.0.28-17): r70939 | Bug #41736: don't execute/evaluate code in umc-client arguments
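An added illustration of the fix described above, not code from the univention-management-console repository: it assumes a hypothetical parse_option() over "key=value" arguments whose value part is evaluated so that numbers, lists and dicts can be passed from the shell, and shows the eval() form next to the ast.literal_eval() form.

```python
import ast

# Constructed example, not the umc-command source. Each -o argument is a
# "key=value" string; the value is evaluated so callers can pass non-string
# values such as 3 or [1, 2] from the shell.

def parse_option_unsafe(arg):
    """The pattern fixed in Bug 41736: eval() runs any Python expression
    contained in the argument, so user input becomes code execution."""
    key, _, value = arg.partition("=")
    return key, eval(value)  # do not use: executes arbitrary code


def parse_option(arg):
    """Hardened variant: ast.literal_eval() only builds Python literals
    (strings, numbers, tuples, lists, dicts, booleans, None). Names, calls
    and attribute access raise ValueError and are kept as a plain string
    instead of being executed."""
    key, _, value = arg.partition("=")
    try:
        return key, ast.literal_eval(value)
    except (ValueError, SyntaxError):
        # Not a literal (e.g. an unquoted word or a call expression):
        # keep the raw text, never evaluate it.
        return key, value


def parse_options(args):
    """Build the option dict from a list of "key=value" arguments."""
    return dict(parse_option(a) for a in args)


if __name__ == "__main__":
    # A call expression stays an inert string under the hardened parser.
    print(parse_options(["foo=bar", "n=3", "cmd=__import__('os').getcwd()"]))
```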
There are minor backward incompatibilities. Anyway, the "features" dropped are not used and not useful.

Code: OK
YAML: OK
<http://errata.software-univention.de/ucs/4.1/212.html>