#7799 HIGH 8.2.0 (: exec_command D-Bus method is a security risk
Zarro Boogs per Child
bugtracker at laptop.org
Mon Aug 4 10:47:33 EDT 2008
#7799: exec_command D-Bus method is a security risk
----------------------------+-----------------------------------------------
Reporter: epmfairweather | Owner: ypod
Type: defect | Status: new
Priority: high | Milestone: 8.2.0 (was Update.2)
Component: cerebro | Version: not specified
Keywords: | Next_action: never set
Verified: 0 | Blockedby:
Blocking: |
----------------------------+-----------------------------------------------
Cerebro has a D-Bus method called exec_command that takes a string and
attempts to execute it. Cerebro runs as root, making this a severe
security risk. The method is unnecessary and should be removed.
--
Ticket URL: <http://dev.laptop.org/ticket/7799>
One Laptop Per Child <http://laptop.org/>
OLPC bug tracking system
More information about the Bugs
mailing list