Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.
Bug 329064 - Command Injection - BundleFile is executing arbitrary commands taken from a system property.
Summary: Command Injection - BundleFile is executing arbitrary commands taken from a s...
Status: RESOLVED WORKSFORME
Alias: None
Product: Equinox
Classification: Eclipse Project
Component: Framework (show other bugs)
Version: unspecified   Edit
Hardware: All All
: P3 normal (vote)
Target Milestone: ---   Edit
Assignee: equinox.framework-inbox CLA
QA Contact:
URL:
Whiteboard: stalebug
Keywords:
Depends on:
Blocks:
 
Reported: 2010-10-29 12:48 EDT by jonas.borjesson CLA
Modified: 2019-09-04 01:53 EDT (History)
2 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description jonas.borjesson CLA 2010-10-29 12:48:41 EDT
Build Identifier: 3.6.0.v20100517

The file org.eclipse.osgi.baseadaptor.bundlefile.BundleFile builds up a command string taken from a system property (osgi.filepermissions.command or org.osgi.framework.command.execpermission) and then executes it using Runtime.getRuntime().exec. This is a potential security vulnerability, allowing an attacker to have the program execute commands with a privilege that the attacker normally wouldn't have.



Reproducible: Didn't try

Steps to Reproduce:
Found after scanning through the source code but by setting the system properties the correct as described (and by looking through the code, it could happen when native code is copied to the cache).
Comment 1 Eclipse Genie CLA 2018-10-15 10:20:19 EDT
This bug hasn't had any activity in quite some time. Maybe the problem got resolved, was a duplicate of something else, or became less pressing for some reason - or maybe it's still relevant but just hasn't been looked at yet.

If you have further information on the current state of the bug, please add it. The information can be, for example, that the problem still occurs, that you still want the feature, that more information is needed, or that the bug is (for whatever reason) no longer relevant.

--
The automated Eclipse Genie.
Comment 2 Lars Vogel CLA 2019-09-04 01:53:37 EDT
This bug was marked as stalebug a while ago. Marking as worksforme.

If this report is still relevant for the current release, please reopen and remove the stalebug whiteboard tag.