On Saturday 02 October 2010 01:06:41 Loui Chang wrote:
On Thu 30 Sep 2010 20:13 +0200, Lukas Fleischer wrote:
On Wed, Sep 29, 2010 at 03:35:24PM +0200, Manuel Tortosa wrote:
This introduces a remote file inclusion vulnerability allowing an attacker to read arbitrary files since "$pkgbuild" is not validated before passing it to file_get_contents().
Don't apply this patch until everything is fixed, please.
Thanks for your suggestions, i added them all to CCR ;)
Btw, this is still not fixed! Have a look at [1].
You should consider using basename(), realpath() and/or regexp to check the PKGBUILD path. Also check [2], [3].
[1] http://mailman.archlinux.org/pipermail/aur-dev/2010-September/001268.html [2] http://www.madirish.net/?article=427 [3] http://www.acunetix.com/websitesecurity/php-security-3.htm
Thanks for helping review these patches Lukas. It's much appreciated.
First of all thanks to everibody for pointing me to the correct path, Lukas (or anybody) can be so kind to check if this script it's safe? This time the valiable passed is $row['Name'] instead the whole path. Best Regards.