security alert: speechd from speechio.org

this is my first post in this kind of thing so bear with me.
there is a vulnerability in speechd that allows you to run arbitrary code as the root user or whoever is running speechd
(hopefully not root!).
it will only work if you are using rsynth, that is all i have tested, it may work on festival too.
search for system in speechd (/usr/local/bin by default),
it is:
system("$cmd \'$text\'");
right above that, add?
$text =~ s/'//g;
(i'm not that familiar with perl, so if anybody has a better idea let me know -
i'm not familiar with shells that well either - learning).
you'll be giving up the 's, but it's better than:
echo "';touch /tmp/evilfile;chmod a+rwxs /tmp/evilfile" >/dev/speech
even though it logs, by then it'll be too late.
just my $.02,
Tyler Spivey
Student
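
An added example, not part of the original post and not speechd's own code: it compares the quoted system() pattern, the quote-stripping fix from the post, and a list-form call that never invokes a shell. Assumptions: `echo` stands in for the synthesizer command, backticks replace system() so the output can be inspected, and the input string is constructed with a harmless marker command.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Stand-in for the synthesizer command ($cmd in the post); an assumption.
my $cmd = 'echo';

# Pattern quoted in the post: the text is pasted into a shell command line.
# Backticks are used instead of system() only to capture the output.
sub speak_via_shell {
    my ($text) = @_;
    my $out = `$cmd '$text'`;
    return $out;
}

# Fix proposed in the post: drop single quotes, then use the shell as before.
sub speak_stripped {
    my ($text) = @_;
    $text =~ s/'//g;
    my $out = `$cmd '$text'`;
    return $out;
}

# Alternative: list-form open runs the program directly, with no shell,
# so the text stays one argument and apostrophes are kept.
sub speak_no_shell {
    my ($text) = @_;
    open(my $fh, '-|', $cmd, $text) or die "cannot run $cmd: $!";
    local $/;                      # read all output at once
    my $out = <$fh>;
    close $fh;
    return $out;
}

# Constructed input: closes the quote, then a harmless marker command.
my $marker = 'SHELL-RAN-THIS';
my $input  = "hello'; echo $marker; echo '";

for my $case (['as posted', \&speak_via_shell],
              ['stripped',  \&speak_stripped],
              ['no shell',  \&speak_no_shell]) {
    my ($name, $fn) = @$case;
    my $out = $fn->($input);
    # The marker on a line of its own means the shell ran it as a command.
    my $ran = grep { $_ eq $marker } split /\n/, $out;
    (my $shown = $out) =~ s/\n/\\n/g;
    printf "%-10s injected=%-3s output=%s\n", $name, ($ran ? 'yes' : 'no'), $shown;
}
```

Only the first variant runs the marker as a command; the stripped variant speaks the text without its quote characters, and the list-form variant passes it through unchanged.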
