Bug has been fixed and new version cheermeup-0.6-1 released.
The bug was fixed by grepping the "key=value" entries in the users'
config files, that is, without executing or sourcing them.
--
OLE WOLF[1]
Rødhættevej 4 * 9400 Nørresundby
Telefon: 9632-0108 * Mobil: 2467-5526 * Skype: ole.
Hi Ole,
On 27/10/11 21:25, Ole Wolf wrote:
>
> Ouch, I should have thought of that possible exploit. I agree, it's
> not suitable for release as is; in fact, I'll remove the download from the
> homepage.
wow, that was quick. :-) I agree that it's probably better to remove the
download until
Hi Philipp,
Ouch, I should have thought of that possible exploit. I agree, it's
not suitable for release as is; in fact, I'll remove the download from the
homepage.
What is "polygen"?
Thanks,
--Ole
Quoting "Philipp A. Hartmann" :
Hey,
the cronjob script in the cheermeup pa
Hey,
the cronjob script in the cheermeup package contains a serious privilege
escalation bug by sourcing the "user configuration settings" as root user:
# ...
localconfig="$homedir/.config/cheermeup/config"
if [ -f "$localconfig" ]; then
. $localconfig
else
# ...
A local user
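The report above describes a root cronjob sourcing a user-owned file, and the release note says the fix was to grep the "key=value" entries instead. A sketch of that approach follows as an added example; it is not cheermeup's actual code, and the key names (`interval`, `category`), the permitted value characters and the function names are assumptions.

```shell
#!/bin/sh
# Added example: read settings from a user-owned config file as data only.
# Key names and the allowed value characters are assumptions, not cheermeup's.

# read_setting FILE KEY: print the last valid "KEY=value" entry.
# Returns 1 if there is no valid entry, 2 if KEY is not allowlisted.
read_setting() {
    file=$1
    key=$2
    case $key in
        interval|category) ;;      # hypothetical allowlist of known keys
        *) return 2 ;;
    esac
    [ -f "$file" ] || return 1
    # grep never executes the file. The whole line must match, and the value
    # class excludes whitespace, quotes and shell metacharacters ($ ` ; | &).
    line=$(LC_ALL=C grep -E "^${key}=[A-Za-z0-9_./-]+\$" "$file" | tail -n 1)
    [ -n "$line" ] || return 1
    printf '%s\n' "${line#*=}"
}

# write_sample FILE MARKER: constructed config with one valid entry and two
# lines that would create MARKER if the file were sourced.
write_sample() {
    cat > "$1" <<EOF
interval=15
touch "$2"
category=\$(touch "$2")
EOF
}

demo() {
    tmp=$(mktemp -d) || return 1
    write_sample "$tmp/config" "$tmp/executed"
    echo "interval: $(read_setting "$tmp/config" interval || echo rejected)"
    echo "category: $(read_setting "$tmp/config" category || echo rejected)"
    if [ -e "$tmp/executed" ]; then echo "payload ran"; else echo "payload did not run"; fi
    rm -rf "$tmp"
}

demo
```

Lines that are not a plain allowlisted `key=value` pair are ignored rather than interpreted, so the two constructed payload lines never run.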