From 3fdff274c40795ad6a24891066358aa7a3953962 Mon Sep 17 00:00:00 2001 From: Matthias Gerstner Date: Tue, 22 Aug 2023 14:28:33 +0200 Subject: [PATCH] cadence.py: wine ASIO settings: use safe tempfile This fixed tempfile path poses a security issue that even might allow other users on the system to inject arbitrary wine registry settings, if protect_symlinks and protect_regular kernel protection is not enabled. Use a proper NamedTemporaryFile to pass the data to regedit to fix this. --- src/cadence.py | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/src/cadence.py b/src/cadence.py index 714e2d6..fddadfb 100755 --- a/src/cadence.py +++ b/src/cadence.py @@ -47,6 +47,8 @@ from shared_settings import * # Import getoutput from subprocess import getoutput +import tempfile +import subprocess # ------------------------------------------------------------------------------------------------------------ # Try Import DBus @@ -2095,11 +2097,10 @@ class CadenceMainW(QMainWindow, ui_cadence.Ui_CadenceMainW): REGFILE += '"Number of outputs"=dword:000000%s\n' % smartHex(self.sb_wineasio_outs.value(), 2) REGFILE += '"Preferred buffersize"=dword:0000%s\n' % smartHex(int(self.cb_wineasio_bsizes.currentText()), 4) - writeFile = open("/tmp/cadence-wineasio.reg", "w") - writeFile.write(REGFILE) - writeFile.close() - - os.system("regedit /tmp/cadence-wineasio.reg") + with tempfile.NamedTemporaryFile('w') as tmpfile: + tmpfile.write(REGFILE) + tmpfile.flush() + subprocess.run(["regedit", tmpfile.name]) self.settings_changed_types = [] self.frame_tweaks_settings.setVisible(False) -- 2.41.0