Thanks for reporting this bug. It appears to me that the issue you're referring to might have been fixed by this commit:
https://github.com/bit-team/backintime/commit/7795b40772c821805037664a559d96642b768391 Could you check again and confirm this, please? Then we could close this bug. On Wed, 31 Jan 2018 06:18:35 +0000 David Starner <prosfil...@gmail.com> wrote: > Package:backintime-qt4 > Version:1.1.12-2 > > ~/RPG/Mine/Traveller/Traveller_USB $ backintime-qt4 & > [1] 326 > ~/RPG/Mine/Traveller/Traveller_USB $ sh: 0: getcwd() failed: No such file > or directory > sh: 0: getcwd() failed: No such file or directory > Traceback (most recent call last): > File "/usr/share/backintime/qt4/app.py", line 46, in <module> > import snapshotsdialog > File "/usr/share/backintime/qt4/snapshotsdialog.py", line 32, in <module> > if tools.check_command('meld'): > File "/usr/share/backintime/common/tools.py", line 167, in check_command > return not which(cmd) is None > File "/usr/share/backintime/common/tools.py", line 173, in which > path.insert(0, os.getcwd()) > FileNotFoundError: [Errno 2] No such file or directory > > [1]+ Exit 1 backintime-qt4 > > I'm not going to trying to set up a proof-of-concept security hole with > this, but it seems quite obvious that backintime-qt4 should not insert the > current directory into the path for the same reasons that you don't insert > the current directory into the path in bash. All a user has to do is insert > the right executables into the current directory and then convince the > admin to run backintime-qt4 from that directory (and the social part of > that exploit seems simple enough). > > If nothing else, getting a backtrace from a program is bad, and this would > leave a non-programmer utterly baffled about what went wrong.
