Grizzly quantum rootwrapper imports quantum code
Bug #1190675 reported by
Dirk Mueller
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
Won't Fix
|
Undecided
|
Unassigned | ||
Grizzly |
Fix Released
|
Low
|
Dirk Mueller |
Bug Description
https:/
introduced loading of quantum.utils into rootwrap, which is both slow (as it loads a lot of other modules that nobody needs) and a potential security issue due to the amount of code being run as root. While I don't know of a way to exploit this I think it is a potential risk.
I suggest this part to be reverted for the quantum rootwrapper.
information type: | Public Security → Public |
Changed in quantum: | |
assignee: | Dirk Mueller (dmllr) → nobody |
To post a comment you must log in.
I think it makes sense.