From Fedora Project Wiki

Revision as of 18:49, 11 January 2013 by Mitr

Note that the "exampleshell"'s use of os.system() is insecure. This is "only" a matter of handling invalid input correctly if the shell is run by root. But if this software becomes popular, it will almost certainly be invoked with data originating from untrusted users, and therefore become a root privilege escalation vulnerability.
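
An added illustration, not the exampleshell code and not part of the original note: it shows why caller-supplied text passed through os.system() reaches /bin/sh as shell syntax, next to an argv-based call with input validation. The `echo` command, the user-name policy and the sample input are assumptions made up for the example, and `subprocess.run(..., shell=True)` stands in for os.system() (both hand the string to `/bin/sh -c`) so the output can be captured.

```python
import re
import subprocess

# Constructed input: text an untrusted caller might hand to a command shell.
HOSTILE = "alice; echo INJECTED"

# Assumed policy for this example: a conservative allowlist for user names.
NAME_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")


def run_via_shell(name):
    """The os.system() pattern: user text is concatenated into a shell string.

    /bin/sh parses the whole string, so ';', '|', '$(...)' and backticks in
    `name` are interpreted as shell syntax, with the caller's privileges.
    """
    done = subprocess.run("echo adding " + name, shell=True,
                          capture_output=True, text=True)
    return done.stdout.splitlines()


def run_via_argv(name, validate=True):
    """No shell involved: `name` is exactly one argv element of one process."""
    if validate and not NAME_RE.fullmatch(name):
        # Reject invalid input instead of trying to quote or strip it.
        raise ValueError("rejected user name: %r" % name)
    done = subprocess.run(["echo", "adding", name],
                          capture_output=True, text=True, check=True)
    return done.stdout.splitlines()


if __name__ == "__main__":
    # Two commands ran: the second one came from the input.
    print("shell string :", run_via_shell(HOSTILE))
    # One command ran: the metacharacters are plain data.
    print("argv list    :", run_via_argv(HOSTILE, validate=False))
    try:
        run_via_argv(HOSTILE)
    except ValueError as exc:
        print("validated    :", exc)
```

The argv form removes the shell from the path entirely; the allowlist check is still needed because the invoked program may itself give meaning to unusual arguments (for example a name starting with `-`).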