[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#41619: [PATCH] Mark python-shell-virtualenv-root as safe local varia
From: |
Philip K. |
Subject: |
bug#41619: [PATCH] Mark python-shell-virtualenv-root as safe local variable |
Date: |
Tue, 16 Jun 2020 19:32:52 +0200 |
Eli Zaretskii <eliz@gnu.org> writes:
>> From: "Philip K." <philip@warpmail.net>
>> Cc: rgm@gnu.org, 41619@debbugs.gnu.org
>> Date: Tue, 16 Jun 2020 18:52:07 +0200
>>
>> Ultimatly, my estimation was wrong, and the variable shouldn't be marked
>> as safe, at least not with any heuristics that could warn the user if
>> the path is suspicious.
>
> So all we need is to remove the :safe attribute from the variable? Or
> something else?
That would make it harder for projects to hide malicious values of
python-shell-virtualenv-root, but it's still an attack vector in
principle.
--
Philip K.
- bug#41619: [PATCH] Mark python-shell-virtualenv-root as safe local variable, Eli Zaretskii, 2020/06/13
- bug#41619: [PATCH] Mark python-shell-virtualenv-root as safe local variable, Glenn Morris, 2020/06/13
- bug#41619: [PATCH] Mark python-shell-virtualenv-root as safe local variable, Eli Zaretskii, 2020/06/15
- bug#41619: [PATCH] Mark python-shell-virtualenv-root as safe local variable, Philip K., 2020/06/16
- bug#41619: [PATCH] Mark python-shell-virtualenv-root as safe local variable, Eli Zaretskii, 2020/06/16
- bug#41619: [PATCH] Mark python-shell-virtualenv-root as safe local variable,
Philip K. <=
- bug#41619: [PATCH] Mark python-shell-virtualenv-root as safe local variable, Eli Zaretskii, 2020/06/16
- bug#41619: [PATCH] Mark python-shell-virtualenv-root as safe local variable, Philip K., 2020/06/16
- bug#41619: [PATCH] Mark python-shell-virtualenv-root as safe local variable, Eli Zaretskii, 2020/06/20