You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
ncm-symlink allows to specify commands whose output are used to build symlink target path. These commands are currently executed with qx (method expand_cmds). This should be replaced by CAF::Process.
Also to limit the risk of using this feature for command injection, look if the command could be executed as nobody, restricting the commands used to those involving no modification or file writing... We could also require the full path of the command to be specified and for backward compatibility assume /usr/bin for the commands without a path.
The text was updated successfully, but these errors were encountered:
ncm-symlink
allows to specify commands whose output are used to build symlink target path. These commands are currently executed withqx
(methodexpand_cmds
). This should be replaced byCAF::Process
.Also to limit the risk of using this feature for command injection, look if the command could be executed as
nobody
, restricting the commands used to those involving no modification or file writing... We could also require the full path of the command to be specified and for backward compatibility assume/usr/bin
for the commands without a path.The text was updated successfully, but these errors were encountered: