Single quotes and other chars are not escaped; LUA injection vuln #7
Comments
|
or |
|
Merged commit doesn't quite fix the vulnerability; the escape can itself be escaped. For example: |
|
Yes I am not solved that Up to someone else... I just made menu with |
|
If anyone has a candidate fix, feel free to submit a pull request. I haven't used awesome for a number of years and am kind of surprised that this appmenu seems to be getting some interest now. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Just like the title says, when awesome-appmenu generates the
appmenu.luafile and encounters an app with a'character in its name, awesome-appmenu will not escape that character.One such example of a popular application that causes this is the game Garry's Mod.
This bug can be exploited to inject arbitrary LUA code that will always run at awesome's startup.
A malicious .desktop file could have the name
foo', os.exit() }, --and this would immediately kick the user out of their X session.The text was updated successfully, but these errors were encountered: