Skip to content
Commit eab2d8c0 authored by Dichen Zhang's avatar Dichen Zhang
Browse files

Fix command injection on screencap

There is a potential injection by using screencap in case of user handled parameters.
"dumpstate" command launches "screencap", when "-p" is argument is set. At that moment, content of "-o" parameter generates a path with ".png" extension to define "screencap" argument.
"dumpstate" is often run as a service with "root" privileged such as defined in "dumpstate.rc". For instance "bugreportz" call "ctl.start" property with "dumpstatez".
Launching "dumpstate" with "-p" option and a user input as "-o" would result in a root command execution. SE Linux might protect part of this attack.

Cherry-pick from ag/10651695 with fix ag/10700515

Bug: 123230379
Test: please see commands #4 and #5
Change-Id: Icd88cdf4af153e07addb4449cdb117b1a3c881d3
parent 56e3510b
Loading
Loading
Loading
Loading
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment