On 30.11.2015 20:34, Bernd Dietzel wrote:
> @edso
> This depends on the program witch we call.
> We can not check all of the possible parameter combinations if they lead to a leak.
> So we do not want to have the arguments out of our hands.
well, most (if not all) legacy command lines start with a word, so parameter issues sound merely academic from a security point of view.
having written that i realise, there might be corner cases leading to sensitive files read/overwritten files when run as root, when the client binary fails to parse params correctly, that might be worth the effort to manually patch each and every backend affected.
> @Kenneth
> Why do we put the commands into a long string and afterwards "hopefully" spilt them again ?
> We should put them directly into a commandlist at the point we still know what was what.
> This would make it easy again ;-)
>
there is the "ominous" we agn. ;) patching every backend is a lot of effort and some "ominous" somebody needs to find the time to hack the solution. are you volunteering?
On 30.11.2015 20:34, Bernd Dietzel wrote:
> @edso
> This depends on the program witch we call.
> We can not check all of the possible parameter combinations if they lead to a leak.
> So we do not want to have the arguments out of our hands.
well, most (if not all) legacy command lines start with a word, so parameter issues sound merely academic from a security point of view.
having written that i realise, there might be corner cases leading to sensitive files read/overwritten files when run as root, when the client binary fails to parse params correctly, that might be worth the effort to manually patch each and every backend affected.
> @Kenneth
> Why do we put the commands into a long string and afterwards "hopefully" spilt them again ?
> We should put them directly into a commandlist at the point we still know what was what.
> This would make it easy again ;-)
>
there is the "ominous" we agn. ;) patching every backend is a lot of effort and some "ominous" somebody needs to find the time to hack the solution. are you volunteering?
..ede/duply.net