Release 5.1.0.9: fix: do not use "/bin/sh/ -c" parsing args of func PackageInstallable · linuxdeepin/lastore-daemon

5.1.0.9
1ed61e8
Choose a tag to compare

Filter

View all tags

5.1.0.9: fix: do not use "/bin/sh/ -c" parsing args of func PackageInstallable

5.1.0.9
1ed61e8
Choose a tag to compare

Filter

View all tags

longqi1993 tagged this 27 Jul 08:39

不使用/bin/sh -c 来解析传入的包名，来防止注入
Log: 修改lastore dbus接口PackageInstallable安全漏洞
Bug: https://pms.uniontech.com/zentao/bug-view-38621.html

Change-Id: Ibc0720f4db3dfe28da69768aefc827e1dcd6abb2
Reviewed-on: http://gerrit.uniontech.com/c/lastore-daemon/+/645
Tested-by: yekaisheng <yekaisheng@uniontech.com>
Reviewed-by: songwentai <songwentai@uniontech.com>

Assets 2

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Choose a tag to compare

Sorry, something went wrong.

Sorry, something went wrong.

Uh oh!

No results found

Choose a tag to compare

Sorry, something went wrong.

Sorry, something went wrong.

Uh oh!

No results found

Uh oh!