Close the security hole in try_touch_experiments

There was an exploit in try_touch_experiments where a malicious string
could be input that when converted from hex to ascii would produce a
property name that could escape out and run whatever it would like on
the command line when the program shelled out to alter the X properties.

This patch attempts to fix this by two approaches.

First: Input Validation. There is only a small subset of characters
that are legal in inputs. The program now does a more thorough job
filtering and will reject any input that contains illegal characters
even after decoding the string from hex->ascii.

Second: No shelling out. The X properties used to be changed using a
command line tool called xinput. To prevent this being exploited, I
have converted the program to do it manually. Now when property.cc
wants to alter a value, it actually connects to the X server itself and
changes the properties directly.

BUG=chromium:351857
TEST=manually tested on Pit and Peppy. It compiled and was able to run
experiments on each successfully. Known malicious input was
unsuccessful.

Change-Id: Ie4f0dafbbce2862feb98ba584ab8c16f54a5ea7c
Signed-off-by: Charlie Mooney <charliemooney@chromium.org>
4 files changed
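
Added example, not code from this commit or from property.cc: a C++ sketch of the first approach described in the commit message, where the character check runs on the decoded bytes rather than on the hex text. The allowlist, the function names and the sample inputs are assumptions constructed for illustration; the commit message does not list the actual legal characters.

```cpp
#include <cstdio>
#include <string>

// Value of one hex digit, or -1 if the character is not a hex digit.
static int HexValue(char c) {
  if (c >= '0' && c <= '9') return c - '0';
  if (c >= 'a' && c <= 'f') return c - 'a' + 10;
  if (c >= 'A' && c <= 'F') return c - 'A' + 10;
  return -1;
}

// Assumed allowlist (not taken from the commit): ASCII letters, digits,
// space, '-', '_' and '.'. Quotes, ';', '$', '`', '|' etc. are rejected.
static bool IsLegalChar(unsigned char c) {
  return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
         (c >= '0' && c <= '9') || c == ' ' || c == '-' || c == '_' ||
         c == '.';
}

// Hypothetical helper: decodes hex to ASCII and accepts the result only if
// every decoded byte is on the allowlist. *out is written only on success.
bool DecodeAndValidate(const std::string& hex, std::string* out) {
  if (hex.empty() || hex.size() % 2 != 0) return false;
  std::string decoded;
  decoded.reserve(hex.size() / 2);
  for (size_t i = 0; i < hex.size(); i += 2) {
    int hi = HexValue(hex[i]);
    int lo = HexValue(hex[i + 1]);
    if (hi < 0 || lo < 0) return false;  // input is not valid hex
    unsigned char c = static_cast<unsigned char>(hi * 16 + lo);
    if (!IsLegalChar(c)) return false;  // illegal only once decoded
    decoded.push_back(static_cast<char>(c));
  }
  *out = decoded;
  return true;
}

int main() {
  // Constructed samples: "Tap Enable" and a name carrying quotes and ';'.
  const char* samples[] = {"54617020456e61626c65", "61223b69643b22"};
  for (const char* s : samples) {
    std::string name;
    bool ok = DecodeAndValidate(s, &name);
    std::printf("%s -> %s\n", s, ok ? name.c_str() : "REJECTED");
  }
  return 0;
}
```

Both sample inputs consist only of hex digits, so a filter applied before decoding would pass them; only the check on the decoded bytes tells them apart.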