D12513: CVE-2018-10361: privilege escalation
Albert Astals Cid
noreply at phabricator.kde.org
Tue May 1 23:05:47 UTC 2018
aacid added a comment.
Next time please use arc to upload patches, so that instead of those ugly "Context not available." we get nice links to see more code :)
@mgerstner I don't really understand why we need the chdir, renameat, etc.
Dropping privileges to the minimum needed should be enough, shouldn't it?
I mean at that point the only thing that can happen is that some user breaks files he can write to anyway, so why should we take extra precautions from that point on?
REPOSITORY
R39 KTextEditor
REVISION DETAIL
https://phabricator.kde.org/D12513
To: cullmann, dfaure
Cc: mgerstner, aacid, ngraham, fvogt, cullmann, #frameworks, michaelh, kevinapavew, bruns, demsking, sars, dhaumann
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-frameworks-devel/attachments/20180501/a4aea342/attachment.html>
More information about the Kde-frameworks-devel
mailing list