Issue #19576

tails-documentation - Limited Path Traversal

From the Security Audit:

  • https://git.radicallyopensecurity.com/ros/pen-tails/-/issues/11

/usr/local/lib/tails-shell-library/localization.sh uses ${LANG} without validating it itself. This can lead to a path traversal in localized_tails_doc_page.

This is not exploitable so far, because the only user is /usr/local/sbin/unsafe-browser, which can only be called via sudo, which prevents the user from setting LANG to crafted values (using env_check).

However, having some validation in place here (for example: check that ${lang_code} doesn't include any /), might be worth it.

Edited Apr 03, 2023 by boyska
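
One way to implement the validation suggested in the issue, as an added example that is not code from tails-shell-library: the function names, the `<doc_root>/<page>.<lang_code>.html` layout and the English fallback are assumptions. It goes beyond the "no /" check by allowlisting two or three lowercase ASCII letters, which also rejects `.` and empty values.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not taken from tails-shell-library.
# Assumed layout: <doc_root>/<page>.<lang_code>.html, English as fallback.

# Derive the language part of a locale string: "de_DE.UTF-8" -> "de".
lang_code_from_locale() {
    locale_value="$1"
    # Cut at the first "_", "." or "@" (territory, codeset, modifier).
    printf '%s\n' "${locale_value%%[_.@]*}"
}

# Allowlist check: two or three lowercase ASCII letters and nothing else.
# The letters are enumerated so the result does not depend on the
# collation rules of the (possibly attacker-chosen) current locale.
is_valid_lang_code() {
    case "$1" in
        ''|*[!abcdefghijklmnopqrstuvwxyz]*) return 1 ;;
    esac
    [ "${#1}" -ge 2 ] && [ "${#1}" -le 3 ]
}

# Print the path of the localized page. Fall back to English when the
# locale is empty, malformed, or has no translation on disk, so a crafted
# value never becomes part of the path.
localized_doc_page() {
    doc_root="$1"
    page="$2"          # assumed to be a constant chosen by the caller
    locale_value="$3"  # normally "${LANG}"
    code="$(lang_code_from_locale "$locale_value")"
    if is_valid_lang_code "$code" && [ -f "${doc_root}/${page}.${code}.html" ]; then
        printf '%s\n' "${doc_root}/${page}.${code}.html"
    else
        printf '%s\n' "${doc_root}/${page}.en.html"
    fi
}
```

Validating inside the library function keeps it safe even if a future caller is not behind sudo's environment filtering.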