[Bug 1961600] Re: "open" command crashes when filename as space in it

bcwhite 1961600 at bugs.launchpad.net
Tue Feb 22 13:19:21 UTC 2022 

As the original author of the run-mailcap program, this hack to bypass
the check for shell meta-characters when called as "open" is DANGEROUS!
It allows the execution of arbitrary commands on a victim's computer
with a specially crafted filename if there is an mailcap entry with an
improperly quoted "%s" (and let's face it -- there is no proper quoting
that will handle all cases).  It was such an entry (in qpdfview) that
led to the discovery of this problem.

I suspect this extra condition was added at a time when the mailcap
package was missing a dependency on the package providing bin/mktemp,
something I believe has been fixed.

The upstream Debian package does not have this extra condition.
https://salsa.debian.org/debian/mailcap/-/blob/master/run-mailcap#L480

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to mailcap in Ubuntu.
https://bugs.launchpad.net/bugs/1961600

Title:
  "open" command crashes when filename as space in it

Status in mailcap package in Ubuntu:
  New

Bug description:
  I use Lubuntu 21.04. I use "open" command a lot to open files (mostly
  pdfs, sometimes images or videos) from terminal. It breaks when there
  is a space in the filename. Since /usr/bin/open ->
  /etc/alternatives/open -> /usr/bin/run-mailcap. I ran it using the
  "run-mailcap" name. I mailed the creator of run-mailcap. I'm attaching
  the email exchange as a text file. I also attach the run-mailcap file.
  And the bug is on line 480: "if (decode(langinfo(CODESET()), $file) =~
  m![^[:alnum:],.:/@%^+=_-]!i and $0 !~ "open") {"

  ProblemType: Bug
  DistroRelease: Ubuntu 21.04
  Package: mailcap 3.68ubuntu1
  ProcVersionSignature: Ubuntu 5.11.0-49.55-generic 5.11.22
  Uname: Linux 5.11.0-49-generic x86_64
  ApportVersion: 2.20.11-0ubuntu65.4
  Architecture: amd64
  CasperMD5CheckResult: unknown
  CurrentDesktop: LXQt
  Date: Mon Feb 21 19:48:43 2022
  InstallationDate: Installed on 2022-01-24 (28 days ago)
  InstallationMedia: Lubuntu 21.04 "Hirsute Hippo" - Release amd64 (20210420)
  PackageArchitecture: all
  SourcePackage: mailcap
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mailcap/+bug/1961600/+subscriptions

More information about the foundations-bugs mailing list