projects / project / rpcd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d978830) | patch
file: strengthen exec access control
authorErik Karlsson <erik.karlsson@genexis.eu>
Mon, 29 May 2023 17:54:23 +0000 (19:54 +0200)
committerHauke Mehrtens <hauke@hauke-m.de>
Sun, 25 Jun 2023 16:46:59 +0000 (18:46 +0200)
commit31c390727b83c9efd768c7aa258813e6084b46a3
treeeff1bdf39f6a6128950ede4bb4df13719be6350atree | snapshot
parentd97883005ffb5be251872c3e4abe04f71732f9bdcommit | diff
file: strengthen exec access control

Do not allow setting environment variables if there is a session as
there is no access control for environment variables and allowing
arbitrary data into the environment is unsafe. Do not leak arguments
through unchecked if the size of the buffer for access checking the
whole command line is exceeded. Adjust the maximum number of allowed
arguments so it matches the actual implementation.

Signed-off-by: Erik Karlsson <erik.karlsson@genexis.eu>
file.c diff | blob | history
OpenWrt ubus RPC daemon