Review Request 128219: No longer allow installing to generic data folder because of security hole.
David Faure
faure at kde.org
Sun Aug 14 09:46:59 UTC 2016
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://git.reviewboard.kde.org/r/128219/#review98380
-----------------------------------------------------------
Ship it!
Looks good to me, thanks.
And since this wasn't used anywhere, there's no actual security annoucement to make. It was just a tool for app developers to shoot themselves in the foot, but they were clever enough not to use it :-) (it == "data" resource or "/" as target dir)
- David Faure
On Aug. 12, 2016, 6:58 p.m., Jeremy Whiting wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://git.reviewboard.kde.org/r/128219/
> -----------------------------------------------------------
>
> (Updated Aug. 12, 2016, 6:58 p.m.)
>
>
> Review request for KDE Frameworks, David Faure and Richard Moore.
>
>
> Repository: knewstuff
>
>
> Description
> -------
>
> When an application uses TargetDir=/ or StandardResource=data give a warning on the terminal and don't use the chosen location.
>
>
> Diffs
> -----
>
> src/core/installation.cpp a027418
>
> Diff: https://git.reviewboard.kde.org/r/128219/diff/
>
>
> Testing
> -------
>
> No testing done yet, will write a unit test of some kind if this is the right direction.
>
>
> Thanks,
>
> Jeremy Whiting
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-frameworks-devel/attachments/20160814/d167dea8/attachment.html>
More information about the Kde-frameworks-devel
mailing list