this post was submitted on 29 Sep 2024
176 points (98.4% liked)
Linux
48298 readers
339 users here now
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Rules
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
- No misinformation
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
The questionable commit:
Can someone explain to me how this allows arbitrary code execution? As far as I can see, all it does iterate through a string and markup some special characters.
Edit: Okay, after reading the blog post, and this fantastic bug report, it sounds like to print to a CUPS server, you send it a message on port 631 using an IPP (some print protocol) server. CUPS then requests attributes of the IPP server, one of which being the print filter command to run ("Foomatic-rip") to use to convert a PS or PDF into native print code. By requesting attributes, an exploit involving string escaping through the use of unexpected spaces or quotes can override the Foomatic print command. Arbitrary text can be supplanted, which will then be executed by the CUPS server.
From what I understand, this allows arbitrary command execution. So, an attacker can specify a string of text that something on the affected system will just plop into a command line and execute.
Take a look at the exploit code