Bug 671219 - Completion for quoting/escaping of command parameters
Status: RESOLVED DUPLICATE of bug 740161
Product: gparted
Classification: Other
Component: application
Version: 0.12.0
Hardware: Other All
Importance: Normal normal
Target Milestone: ---
Assigned To: gparted maintainers alias
gparted maintainers alias
Depends on:
Blocks:
 
 
Reported: 2012-03-02 16:15 UTC by Markus Elfring
Modified: 2015-10-21 17:20 UTC
See Also:
GNOME target: ---
GNOME version: ---



Description Markus Elfring 2012-03-02 16:15:55 UTC
Some commands get constructed in the source files. I miss corresponding quoting/escaping for strings that are passed to the member function "Utils::execute_command". It seems that you cannot be absolutely sure that no other and unwanted commands will be generated eventually by the reuse of a "special" path or mount point.

Would you like to make the affected places safer?

http://en.wikipedia.org/wiki/Code_injection#Shell_injection
Comment 1 Markus Elfring 2012-03-02 17:10:40 UTC
Is the issue "Improper Neutralization of Special Elements used in a Command ('Command Injection')" relevant here?
http://cwe.mitre.org/data/definitions/77.html
Comment 2 Curtis Gedak 2015-10-21 17:20:55 UTC

*** This bug has been marked as a duplicate of bug 740161 ***
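
The quoting gap raised in the description, shown as an added example that is not part of the original report and is not GParted code. It assumes the constructed command string ends up being interpreted by a POSIX shell; `shell_quote`, `run_in_shell`, `seen_unquoted`, `seen_quoted` and the mount point string are hypothetical and constructed for illustration, and `printf` stands in for whatever tool would be invoked.

```cpp
// Added illustration, not GParted source; every helper name is hypothetical.
#include <cstdio>
#include <iostream>
#include <string>

// Quote one argument for a POSIX shell: wrap it in single quotes and
// rewrite each embedded ' as '\'' (close quote, escaped quote, reopen).
std::string shell_quote(const std::string& arg)
{
    std::string out = "'";
    for (char c : arg) {
        if (c == '\'') out += "'\\''";
        else           out += c;
    }
    return out + "'";
}

// Run a command line through the shell (popen uses sh -c) and capture stdout.
std::string run_in_shell(const std::string& command_line)
{
    std::string output;
    FILE* pipe = popen(command_line.c_str(), "r");
    if (!pipe) return output;
    char buf[256];
    std::size_t n;
    while ((n = fread(buf, 1, sizeof buf, pipe)) > 0)
        output.append(buf, n);
    pclose(pipe);
    return output;
}

// What a program receives when the string is pasted into the command line
// unquoted versus quoted. printf stands in for the tool being invoked.
std::string seen_unquoted(const std::string& s) { return run_in_shell("printf %s " + s); }
std::string seen_quoted(const std::string& s) { return run_in_shell("printf %s " + shell_quote(s)); }

int main()
{
    // Constructed mount point with a space and a command separator.
    const std::string mount_point = "/mnt/usb disk; echo INJECTED";
    std::cout << "command : printf %s " << shell_quote(mount_point) << "\n";
    std::cout << "unquoted: " << seen_unquoted(mount_point);
    std::cout << "quoted  : " << seen_quoted(mount_point) << "\n";
    return seen_quoted(mount_point) == mount_point ? 0 : 1;
}
```

Passing the arguments as a vector to an exec-style API, with no shell in between, removes the need for quoting altogether.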