Review Request 128219: No longer allow installing to generic data folder because of security hole.

David Faure faure at kde.org
Sun Aug 14 09:46:59 UTC 2016


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://git.reviewboard.kde.org/r/128219/#review98380
-----------------------------------------------------------


Ship it!




Looks good to me, thanks.

And since this wasn't used anywhere, there's no actual security annoucement to make. It was just a tool for app developers to shoot themselves in the foot, but they were clever enough not to use it :-)   (it == "data" resource or "/" as target dir)

- David Faure


On Aug. 12, 2016, 6:58 p.m., Jeremy Whiting wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://git.reviewboard.kde.org/r/128219/
> -----------------------------------------------------------
> 
> (Updated Aug. 12, 2016, 6:58 p.m.)
> 
> 
> Review request for KDE Frameworks, David Faure and Richard Moore.
> 
> 
> Repository: knewstuff
> 
> 
> Description
> -------
> 
> When an application uses TargetDir=/ or StandardResource=data give a warning on the terminal and don't use the chosen location.
> 
> 
> Diffs
> -----
> 
>   src/core/installation.cpp a027418 
> 
> Diff: https://git.reviewboard.kde.org/r/128219/diff/
> 
> 
> Testing
> -------
> 
> No testing done yet, will write a unit test of some kind if this is the right direction.
> 
> 
> Thanks,
> 
> Jeremy Whiting
> 
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-frameworks-devel/attachments/20160814/d167dea8/attachment.html>


More information about the Kde-frameworks-devel mailing list