Full Disclosure mailing list archives
Re: Gaim festival plugin exploit
From: Jérôme Augé <eguaj () free fr>
Date: Wed, 15 Oct 2003 21:01:13 +0200
On Wed, Oct 15, 2003 at 05:29:55PM +0200, error wrote:
So a fixed version would look like this: AIM::register("Festival TTS", "0.0.1", "goodbye", ""); AIM::print("Perl Says", "Loaded Festival TTS"); AIM::command("idle", "60000") if ($pro ne "Offline"); AIM::add_event_handler("event_im_recv", "synthesize"); sub goodbye { AIM::print("Module Unloaded", "Unloaded Festival TTS"); } sub synthesize { my $string = $_[0]; $string =~ s/\<.*?\>//g; $string =~ s/\".*\"//; $string =~ s/[^\w]//g; system("echo \"$string\" | /usr/bin/festival --tts"); }
Removing all the non-word characters is of course effective, but it 's a little bit « restrictive » no ? A less « restrictive » but still « secure » way might be to not use the system() function at all : open(FESTIVAL, "|-", "/usr/bin/festival --tts"); print FESTIVAL "$string\n"; close FESTIVAL; That way you keep your original message intact with the punctuation characters, and you are immune to shell code injection... and ban this system() call with only one argument :) Regards, Jérôme -- "Res publica non dominetur" _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Gaim festival plugin exploit error (Oct 15)
- Re: Gaim festival plugin exploit Randal L. Schwartz (Oct 15)
- Re: Gaim festival plugin exploit Jérôme Augé (Oct 16)
- Re: Gaim festival plugin exploit HCTITS Security Division (Oct 17)
- Re: Re: Gaim festival plugin exploit Randal L. Schwartz (Oct 17)
- Re: Re: Gaim festival plugin exploit Valdis . Kletnieks (Oct 18)
- Re: Re: Gaim festival plugin exploit Randal L. Schwartz (Oct 17)
- Re: Gaim festival plugin exploit HCTITS Security Division (Oct 17)
- Re: Re: Gaim festival plugin exploit Cael Abal (Oct 17)
- Re: [Cert-lists] Re: Re: Gaim festival plugin exploit Georg Moritz (Oct 20)
- Re: Gaim festival plugin exploit Randal L. Schwartz (Oct 20)
- Re: Re: Gaim festival plugin exploit Brian Hatch (Oct 23)
- Re: Re: Gaim festival plugin exploit Randal L. Schwartz (Oct 23)
- RE: Re: Gaim festival plugin exploit Scott Phelps / Dreamwright Studios (Oct 23)
- Re: Re: Gaim festival plugin exploit Cael Abal (Oct 17)