[Bug 40347] New: unmount uses unsafe system()

wine-bugs at winehq.org wine-bugs at winehq.org
Wed Mar 23 13:13:53 CDT 2016


https://bugs.winehq.org/show_bug.cgi?id=40347

            Bug ID: 40347
           Summary: unmount uses unsafe system()
           Product: Wine
           Version: unspecified
          Hardware: x86
                OS: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: -unknown
          Assignee: wine-bugs at winehq.org
          Reporter: cpicard at openmailbox.org
      Distribution: ---

Created attachment 54037
  --> https://bugs.winehq.org/attachment.cgi?id=54037
eject source file

DIR_unmount_device from wine/dlls/ntdll/directory.c doesn't sanitize its input,
leading to a possible command execution by unmounting a device mounted on a
malicious path.

To reproduce (from Michael Müller):

    $ mkdir "a;xterm"
    $ mount "a;xterm"
    $ ./eject  # launches xterm

where eject is built from the attached code.

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.

