D22979: Security: remove support for $(...) in config keys with [$e] marker.
David Faure
noreply at phabricator.kde.org
Wed Aug 7 08:35:50 BST 2019
dfaure marked 2 inline comments as done.
dfaure added inline comments.
INLINE COMMENTS
> mdawson wrote in kconfigtest.cpp:530
> Instead of removing this test, can it instead be switched to verify the command execution does not occur?
Hehe, that's what I did initially, and the value being read was (hostname) without the $ because of the way [$e] works. A bit surprising, but in line with the fact that $/ $? $@ etc would also remove the $ (because the code just sees an empty env var name), and if someone wanted to keep the $ they would have to write $$. So I concluded invalid testcase, nobody would write this anymore. But OK, it's a test about old files that might have this. I'll re-add the test.
REPOSITORY
R237 KConfig
BRANCH
security_kill_popen
REVISION DETAIL
https://phabricator.kde.org/D22979
To: dfaure, mdawson, aacid, broulik, davidedmundson, kossebau, apol, sitter, security-team
Cc: fvogt, ngraham, kde-frameworks-devel, LeGast00n, michaelh, bruns
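
Added example, not part of the original message and not KConfig's own code: a simplified model of the [$e] behaviour described in the reply above, showing why a legacy `$(hostname)` value reads back as `(hostname)` once command substitution is gone, and how `$$` keeps a literal dollar sign. The names `expandEnvOnly` and `Env` are hypothetical, and the environment is a constructed map so the result is deterministic.

```cpp
#include <cctype>
#include <iostream>
#include <map>
#include <string>

// Hypothetical stand-in for the process environment (constructed sample data).
using Env = std::map<std::string, std::string>;

// Simplified model of [$e] expansion with $(...) support removed:
// only $VAR, ${VAR} and $$ are recognised; nothing is ever executed.
std::string expandEnvOnly(const std::string &in, const Env &env)
{
    std::string out;
    std::size_t i = 0;
    while (i < in.size()) {
        if (in[i] != '$') { out += in[i++]; continue; }
        ++i; // consume the '$'
        if (i < in.size() && in[i] == '$') { out += '$'; ++i; continue; } // "$$" -> "$"
        std::string name;
        if (i < in.size() && in[i] == '{') {
            std::size_t close = in.find('}', i);
            if (close == std::string::npos) close = in.size(); // unterminated ${...
            name = in.substr(i + 1, close - i - 1);
            i = (close < in.size()) ? close + 1 : close;
        } else {
            while (i < in.size() &&
                   (std::isalnum(static_cast<unsigned char>(in[i])) || in[i] == '_'))
                name += in[i++];
        }
        // Empty name ("$(", "$/", "$?", "$@"): the '$' is dropped and the
        // following characters are copied through as plain text.
        auto it = env.find(name);
        if (!name.empty() && it != env.end()) out += it->second;
    }
    return out;
}

int main()
{
    const Env env{{"HOME", "/home/alice"}}; // constructed sample value
    for (const char *v : {"$(hostname)", "$$(hostname)", "${HOME}/.config", "a$/b"})
        std::cout << v << " -> " << expandEnvOnly(v, env) << '\n';
    return 0;
}
```
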