KDE Plasma Had A Silly But Serious Security Bug

  • #31
    Originally posted by timofonic View Post
    Show me your brilliance, I'm yet unable to see it. For now, you are only a pathetic person that writes useless bullshit on some blog+forum. How old are you?
    Heh, ain't he cute? At first I thought he was just a troll, but he's probably a very lonely, mentally deranged individual. Come on, leave that poor thing alone.



    • #32
      At first impression I thought this was just going to be a standard buffer overflow, but it turns out to be bash interpreting its input as code. Suffice it to say that there have been much worse bugs caused by systems with bash as an ingredient falling victim to the many arcane nuances of how bash can mishandle text (not necessarily text containing code - just strange characters or even spaces!).
      Last edited by ⲣⲂaggins; 11 February 2018, 06:17 AM.



      • #33
        Originally posted by halo9en View Post

        Heh, ain't he cute? At first I thought he was just a troll, but he's probably a very lonely, mentally deranged individual. Come on, leave that poor thing alone.
        Coming from you, it's a compliment. But, sorry pal, I don't want any business with faggots. timofonic is more up your alley.

        Enjoy your AIDS and die soon. It's either AIDS or suicide, so I'm sure you'll not last that long among the living. Hopefully.



        • #34
          Originally posted by Delgarde View Post

          Sure, there are new developers... I deal with them all the time. And in any sanely-run project, inexperienced new developers don't get to commit code without having someone more experienced reviewing what they've done... both to catch dangerous errors like this, and to give them feedback on how to become better developers.

          So if someone has written code like this, and someone has merged and released it... someone has screwed up badly.
          Yes, and you earn the right to criticise when you are prepared to step into that role and make sure it doesn't happen. Otherwise you're just flapping your lips.

          In this case the KDE library in question does a really good job of hiding the fact that it was passing the args to system(), and the fix was just to use a "quoted" version of the library call. So it was pretty easy to miss. I bet you could have made that mistake. Read the patch.
          Last edited by linuxgeex; 12 February 2018, 06:19 AM.

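Posts #32 and #34 describe text reaching `system()` and being parsed by the shell, with the fix being to quote it first. The following is an added example illustrating that difference; it is not KDE's code or its patch. `TEMPLATE`, `sh_quote` and `args_seen` are hypothetical names, and the sample label is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>

/* Quote s for POSIX sh: wrap in '...' and rewrite each ' as '\''. Caller frees. */
char *sh_quote(const char *s) {
    size_t n = 3;                                  /* two quotes + NUL */
    for (const char *p = s; *p; p++) n += (*p == '\'') ? 4 : 1;
    char *out = malloc(n), *w = out;
    if (!out) return NULL;
    *w++ = '\'';
    for (const char *p = s; *p; p++) {
        if (*p == '\'') { memcpy(w, "'\\''", 4); w += 4; }
        else *w++ = *p;
    }
    *w++ = '\'';
    *w = '\0';
    return out;
}

/* Hypothetical command template (an assumption, not from the thread): the
 * inner sh exits with the number of arguments it received after "count",
 * so the exit status shows how the shell parsed the substituted value. */
static const char TEMPLATE[] = "sh -c 'exit $#' count ";

/* Append value to TEMPLATE (raw or quoted), run it via system(), and
 * return the argument count the shell saw, or -1 on failure. */
int args_seen(const char *value, int quoted) {
    char *q = quoted ? sh_quote(value) : NULL;
    const char *v = quoted ? q : value;
    if (!v) return -1;
    size_t len = sizeof TEMPLATE + strlen(v);      /* sizeof includes the NUL */
    char *cmd = malloc(len);
    if (!cmd) { free(q); return -1; }
    snprintf(cmd, len, "%s%s", TEMPLATE, v);
    int status = system(cmd);
    free(cmd);
    free(q);
    return (status != -1 && WIFEXITED(status)) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    const char *label = "label $(echo a b)";       /* constructed sample input */
    printf("raw:    %d argument(s)\n", args_seen(label, 0));
    printf("quoted: %d argument(s)\n", args_seen(label, 1));
    return 0;
}
```

One value goes in each time; unquoted, the shell splits it and evaluates the substitution, while the quoted form arrives as a single literal argument.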