author | Carsten Lohrke <carlo@gentoo.org> | 2005-04-20 00:02:13 +0000 |
---|---|---|
committer | Carsten Lohrke <carlo@gentoo.org> | 2005-04-20 00:02:13 +0000 |
commit | 23b3287cb98b9e08bdbf402e4278e8f03fa1464f (patch) | |
tree | 173bcc303b44741e24313011a135ea17ff6202bc /kde-base/kdewebdev/files | |
parent | Untrusted code execution, #89092 (diff) | |
Kommander untrusted code execution, #89092
(Portage version: 2.0.51.19)
Diffstat (limited to 'kde-base/kdewebdev/files')
-rw-r--r-- | kde-base/kdewebdev/files/digest-kdewebdev-3.3.2-r1 | 1 | ||||
-rw-r--r-- | kde-base/kdewebdev/files/digest-kdewebdev-3.4.0-r1 | 1 | ||||
-rw-r--r-- | kde-base/kdewebdev/files/post-3.4-kdewebdev.diff | 63 |
3 files changed, 65 insertions, 0 deletions
diff --git a/kde-base/kdewebdev/files/digest-kdewebdev-3.3.2-r1 b/kde-base/kdewebdev/files/digest-kdewebdev-3.3.2-r1
new file mode 100644
index 000000000000..6e016ea743e8
--- /dev/null
+++ b/kde-base/kdewebdev/files/digest-kdewebdev-3.3.2-r1
@@ -0,0 +1 @@
+MD5 582d0f3073d5829b4ab21b03411ba697 kdewebdev-3.3.2.tar.bz2 4797649
diff --git a/kde-base/kdewebdev/files/digest-kdewebdev-3.4.0-r1 b/kde-base/kdewebdev/files/digest-kdewebdev-3.4.0-r1
new file mode 100644
index 000000000000..0af1ae241535
--- /dev/null
+++ b/kde-base/kdewebdev/files/digest-kdewebdev-3.4.0-r1
@@ -0,0 +1 @@
+MD5 a131b9a14c5da402417b43ed8bc61df1 kdewebdev-3.4.0.tar.bz2 6243584
diff --git a/kde-base/kdewebdev/files/post-3.4-kdewebdev.diff b/kde-base/kdewebdev/files/post-3.4-kdewebdev.diff
new file mode 100644
index 000000000000..937c99d97257
--- /dev/null
+++ b/kde-base/kdewebdev/files/post-3.4-kdewebdev.diff
@@ -0,0 +1,63 @@
+Index: instance.cpp
+===================================================================
+RCS file: /home/kde/kdewebdev/kommander/executor/instance.cpp,v
+retrieving revision 1.49
+diff -u -3 -d -p -r1.49 instance.cpp
+--- kommander/executor/instance.cpp 29 Dec 2004 09:58:46 -0000 1.49
++++ kommander/executor/instance.cpp 13 Apr 2005 19:18:57 -0000
+@@ -131,6 +131,35 @@ bool Instance::build(QFile *a_file)
+
+ bool Instance::run(QFile *a_file)
+ {
++ // Check whether extension is *.kmdr
++ if (!m_uiFileName.fileName().endsWith(".kmdr")) {
++ KMessageBox::error(0, i18n("<qt>This file does not have a <b>.kmdr</b> extension. As a security precaution "
++ "Kommander will only run Kommander scripts with a clear identity.</qt>"),
++ i18n("Wrong Extension"));
++ return false;
++ }
++
++ // Check whether file is not in some temporary directory.
++ QStringList tmpDirs = KGlobal::dirs()->resourceDirs("tmp");
++ tmpDirs += KGlobal::dirs()->resourceDirs("cache");
++ tmpDirs.append("/tmp/");
++ tmpDirs.append("/var/tmp/");
++
++ bool inTemp = false;
++ for (QStringList::ConstIterator I = tmpDirs.begin(); I != tmpDirs.end(); ++I)
++ if (m_uiFileName.directory().startsWith(*I))
++ inTemp = true;
++
++ if (inTemp)
++ {
++ if (KMessageBox::warningYesNo(0, i18n("<qt>This dialog is running from your <i>/tmp</i> directory. "
++ " This may mean that it was run from a KMail attachment or from a webpage. "
++ "<p>Any script contained in this dialog will have write access to all of your home directory; "
++ "<b>running such dialogs may be dangerous: </b>"
++ "<p>are you sure you want to continue?</qt>")) == KMessageBox::No)
++ return false;
++ }
++
+ /* add runtime arguments */
+ if (m_cmdArguments) {
+ QString args;
+@@ -143,18 +172,7 @@ bool Instance::run(QFile *a_file)
+ KommanderWidget::setGlobal("ARGS", args);
+ }
+ KommanderWidget::setGlobal("ARGCOUNT", QString("%1").arg(m_cmdArguments));
+-
+- if (m_uiFileName.directory().startsWith(locateLocal("tmp", "") + "/") ||
+- m_uiFileName.directory().startsWith("/tmp/"))
+- {
+- if (KMessageBox::warningYesNo(0, i18n("<qt>This dialog is running from your <i>/tmp</i> directory. "
+- " This may mean that it was run from a KMail attachment or from a webpage. "
+- "<p>Any script contained in this dialog will have write access to all of your home directory; "
+- "<b>running such dialogs may be dangerous: </b>"
+- "<p>are you sure you want to continue?</qt>")) == KMessageBox::No)
+- return false;
+- }
+-
++
+ if (!m_uiFileName.isEmpty())
+ {
+ KommanderWidget::setGlobal("_KDDIR", m_uiFileName.directory());
 |
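Review bot: The temporary-directory test in the loop over `tmpDirs` is a plain string-prefix match on `m_uiFileName.directory()`, so it depends on how the path is spelled rather than on where the file really is. A path that reaches a temporary directory through `..` segments or a symlink is not recognised, and if `directory()` returns the path without its trailing slash (which I believe is its default, please confirm), a script placed directly in `/tmp` does not match `"/tmp/"` either. I would resolve the directory first, e.g. `const QString dir = QDir(m_uiFileName.directory()).canonicalPath() + "/";`, and then test `if (dir.startsWith(*I)) { inTemp = true; break; }`; the entries of `tmpDirs` may need the same normalisation. The warning text still names only `/tmp` although the list now also covers the cache directories and `/var/tmp/`. `Instance::run` continues beyond this hunk, so the rest of the function is not reviewed here.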