rpms/kdewebdev/FC-3 post-3.3.2-kdewebdev-kommander.diff, NONE, 1.1 kdewebdev.spec, 1.2, 1.3

Wed Apr 27 17:58:59 UTC 2005

Author: than

Update of /cvs/dist/rpms/kdewebdev/FC-3
In directory cvs.devel.redhat.com:/tmp/cvs-serv3888

Modified Files:
	kdewebdev.spec 
Added Files:
	post-3.3.2-kdewebdev-kommander.diff 
Log Message:
apply patch to fix CAN-2005-0754, Kommander untrusted code execution


post-3.3.2-kdewebdev-kommander.diff:
 instance.cpp |   29 +++++++++++++++++++++++++++++
 1 files changed, 29 insertions(+)

--- NEW FILE post-3.3.2-kdewebdev-kommander.diff ---
Index: kommander/executor/instance.cpp
===================================================================
RCS file: /home/kde/kdewebdev/kommander/executor/instance.cpp,v
retrieving revision 1.42
retrieving revision 1.42.2.1
diff -u -3 -d -p -r1.42 -r1.42.2.1
--- kommander/executor/instance.cpp	20 Jul 2004 19:04:40 -0000	1.42
+++ kommander/executor/instance.cpp	21 Apr 2005 23:35:59 -0000	1.42.2.1
@@ -131,6 +131,35 @@ bool Instance::build(QFile *a_file)
 
 bool Instance::run(QFile *a_file)
 {
+  // Check whether extension is *.kmdr
+  if (!m_uiFileName.fileName().endsWith(".kmdr")) {
+    KMessageBox::error(0, i18n("<qt>This file does not have a <b>.kmdr</b> extension. As a security precaution "
+           "Kommander will only run Kommander scripts with a clear identity.</qt>"),
+           i18n("Wrong Extension"));
+    return false;
+  }
+
+  // Check whether file is not in some temporary directory.
+  QStringList tmpDirs = KGlobal::dirs()->resourceDirs("tmp");
+  tmpDirs += KGlobal::dirs()->resourceDirs("cache");
+  tmpDirs.append("/tmp/");
+  tmpDirs.append("/var/tmp/");
+
+  bool inTemp = false;
+  for (QStringList::ConstIterator I = tmpDirs.begin(); I != tmpDirs.end(); ++I)
+    if (m_uiFileName.directory().startsWith(*I))
+      inTemp = true;
+
+  if (inTemp)
+  {
+     if (KMessageBox::warningYesNo(0, i18n("<qt>This dialog is running from your <i>/tmp</i> directory. "
+         " This may mean that it was run from a KMail attachment or from a webpage. "
+         "<p>Any script contained in this dialog will have write access to all of your home directory; "
+         "<b>running such dialogs may be dangerous: </b>"
+         "<p>are you sure you want to continue?</qt>")) == KMessageBox::No)
+       return false;
+  }
+
   /* add runtime arguments */
   if (m_cmdArguments) {
     QString args;


Index: kdewebdev.spec
===================================================================
RCS file: /cvs/dist/rpms/kdewebdev/FC-3/kdewebdev.spec,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- kdewebdev.spec	18 Oct 2004 19:44:18 -0000	1.2
+++ kdewebdev.spec	27 Apr 2005 17:58:57 -0000	1.3
@@ -7,7 +7,7 @@
 %define kde_version 3.3.1
 
 Version: 3.3.1
-Release: 2
+Release: 2.1
 Summary: WEB Development package for the K Desktop Environment.
 Name: kdewebdev
 Url: http://quanta.sourceforge.net/
@@ -24,6 +24,8 @@
 Source4: http://download.sourceforge.net/quanta/javascript.tar.bz2
 
 Patch0: javascript.patch
+# KDE Security Advisory: Kommander untrusted code execution CAN-2005-0754
+Patch1: post-3.3.2-kdewebdev-kommander.diff
 
 Prereq: /sbin/ldconfig
 Requires: kdelibs >= %{kde_version}
@@ -54,6 +56,7 @@
 %prep
 %setup -q -a 1 -a 2 -a 3 -a 4
 %patch0 -p0 -b .javascript
+%patch1 -p0 -b .CAN-2005-0754
 
 %build
 QTDIR="" && . /etc/profile.d/qt.sh
@@ -133,6 +136,10 @@
 %{_includedir}/*
 
 %changelog
+* Wed Apr 27 2005 Than Ngo <than at redhat.com> 6:3.3.1-2.1
+- apply patch to fix CAN-2005-0754, Kommander untrusted code execution,
+  thanks to KDE security team
+
 * Mon Oct 18 2004 Than Ngo <than at redhat.com> 6:3.3.1-2
 - rebuilt
 


