KDE Plasma Had A Silly But Serious Security Bug
At first impression I thought this was just going to be a standard buffer overflow, but it turns out to be bash interpreting its input as code. Suffice it to say that there have been much worse bugs caused by systems with bash as an ingredient falling victim to the many arcane nuances of how bash can mishandle text (not necessarily text containing code - just strange characters or even spaces!).
Last edited by ⲣⲂaggins; 11 February 2018, 06:17 AM.
- Likes 2
Originally posted by halo9en
Heh, ain't he cute? At first I thought he was just a troll, but he's probably a very lonely, mentally deranged individual. Come on, leave that poor thing alone.
Enjoy your AIDS and die soon. It's either AIDS or suicide, so I'm sure you'll not last that long among the living. Hopefully.
Originally posted by Delgarde
Sure, there are new developers... I deal with them all the time. And in any sanely-run project, inexperienced new developers don't get to commit code without having someone more experienced reviewing what they've done... both to catch dangerous errors like this, and to give them feedback on how to become better developers.
So if someone has written code like this, and someone has merged and released it... someone has screwed up badly.
In this case the KDE library in question does a really good job of hiding the fact that it was passing the args to system(), and the fix was just to use a "quoted" version of the library call. So it was pretty easy to miss. I bet you could have made that mistake. Read the patch.
Last edited by linuxgeex; 12 February 2018, 06:19 AM.
- Likes 1
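Added illustration of the two points raised in the thread (bash treating its input as code, even plain spaces, and the "quoted" library call as the fix). This is example code written for this page, not KDE's code and not the patch being discussed; `mount-helper` is a hypothetical program name and the volume labels are constructed. It contrasts the concatenation pattern that feeds untrusted text to a shell with the quoted form, and with passing an argv list so no shell is involved at all.

```python
"""Added example (not KDE code): why handing a device label to a shell is risky.

The thread describes a library call that quietly built a shell command line
from caller-supplied text and passed it to system().  Everything here is a
constructed illustration: 'mount-helper' is a hypothetical program and the
volume labels are made up.
"""
from __future__ import annotations

import shlex
import subprocess
import sys


def build_command_unsafe(program: str, label: str) -> str:
    """The pattern the thread warns about: plain string concatenation.

    Whatever is in `label` becomes part of the shell's input, so a space splits
    it into several arguments and shell syntax ($, quotes, ;) is interpreted.
    """
    return f"{program} {label}"


def build_command_safe(program: str, label: str) -> str:
    """The 'quoted' fix: wrap the untrusted text so the shell sees one literal
    word. shlex.quote() uses POSIX single quotes and escapes any embedded
    single quote, so nothing inside is expanded or split."""
    return f"{program} {shlex.quote(label)}"


def shell_view(command_line: str) -> list[str]:
    """Approximate the argument vector a POSIX shell would hand to the program.

    shlex.split() does word splitting and quote removal only; it performs no
    $VAR or $(...) expansion, so for the unsafe string it understates the
    damage. That is the point: even without expansion, a label containing a
    space is already broken into pieces."""
    return shlex.split(command_line)


def deliver_without_shell(label: str) -> str:
    """Preferred mitigation: skip the shell and pass an argv list.

    Runs a child process (the Python interpreter itself, so no external tool
    is needed) and returns the single argument it received. Because no shell
    parses the list, the label arrives verbatim whatever it contains."""
    child = [sys.executable, "-c", "import sys; print(sys.argv[1], end='')", label]
    return subprocess.run(child, capture_output=True, text=True, check=True).stdout


if __name__ == "__main__":
    # Constructed labels: one with spaces only, one with a quote and a $.
    for label in ("Summer 2017 photos", "disk's $HOME label"):
        print("label:         ", repr(label))
        print("unsafe argv:   ", shell_view(build_command_unsafe("mount-helper", label)))
        print("quoted argv:   ", shell_view(build_command_safe("mount-helper", label)))
        print("no-shell intact", deliver_without_shell(label) == label)
```

The unsafe builder turns "Summer 2017 photos" into four shell words, while the quoted builder and the argv form each deliver it as one argument; the same holds for a label containing a single quote and a `$`, which is where a real shell would start expanding rather than merely splitting.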