Re: [Help-smalltalk] Security Issue VFS
From: Paolo Bonzini
Subject: Re: [Help-smalltalk] Security Issue VFS
Date: Mon, 19 Dec 2011 18:24:40 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:7.0.1) Gecko/20110930 Thunderbird/7.0.1

On 12/19/2011 04:41 PM, maarten wrote:
> and added it to String.st in the kernel folder.
> Now within every call of system in the VFS library I've added (string)
> escape. This way anyone could escape any string in any situation and it
> also works for this particular problem.

Your code is a bit inefficient. Never use the comma message. Always
use streams instead.

Also, a partial fix (not escaping everything) is as ineffective as no fix.

I attach a patch that does this more efficiently and adds
#system:withArguments:. Can you fix VFS using this new method?

Paolo

Attachment: esc.patch (Description: Text Data)
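
The two points in the reply above (build the string on a stream, and quote every argument rather than some of them) can be sketched as follows. This is an added example in GNU Smalltalk syntax, not the contents of the attached esc.patch; `shellQuoted`, `ExampleShell` and `line:arguments:` are hypothetical names, and the hostile file name is constructed.

```smalltalk
"Added example: shellQuoted and ExampleShell are hypothetical names."
String extend [
    shellQuoted [
        "Answer a copy of the receiver quoted as a single /bin/sh word.
         Inside single quotes the shell treats every character literally,
         so only the single quote itself needs handling: it is emitted as
         close-quote, backslash-quote, reopen-quote."
        | out |
        (self includes: (Character value: 0))
            ifTrue: [^self error: 'NUL cannot appear in a shell argument'].
        out := WriteStream on: (String new: self size + 2).
        out nextPut: $'.
        self do: [:ch |
            ch = $'
                ifTrue: [out nextPut: $'; nextPut: $\; nextPut: $'; nextPut: $']
                ifFalse: [out nextPut: ch]].
        out nextPut: $'.
        ^out contents
    ]
]

Object subclass: ExampleShell [
    ExampleShell class >> line: aCommand arguments: aCollection [
        "Build the whole command line on one stream (no comma message),
         quoting the command and every argument without exception."
        | out |
        out := WriteStream on: String new.
        out nextPutAll: aCommand shellQuoted.
        aCollection do: [:arg | out space; nextPutAll: arg shellQuoted].
        ^out contents
    ]
]

| hostile line |
"Constructed file name containing a quote, a separator and two
 command-substitution forms."
hostile := 'x''; echo INJECTED; $(id) `id`'.
line := ExampleShell line: 'printf' arguments: {'%s\n'. hostile}.
line displayNl.
"The shell passes the name to printf as one literal word."
Smalltalk system: line.
```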