Comment 37 for bug 1648806

Benjamin Bach (benjaoming) wrote:

Question:

The release notes state: "Use ast.literal_eval() instead of the generic eval(), to prevent arbitrary code execution from malicious .crash files"

The change should be in ui.py in this revision:

http://bazaar.launchpad.net/~apport-hackers/apport/trunk/revision/3114

Just to be clear: How does "self.offer_restart = True" avoid generic "eval()" and use "ast.literal_eval()" instead?

Does this also mean that there are still situations where "eval()" is called? And why? This always leads to security issues; it's just a matter of time.

Thanks for fixing it quickly.
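The distinction the quoted release note draws, shown as an added example that is not apport's code and not taken from the linked revision; the "Key: value" report layout, the field names and the two loader functions are assumptions made for illustration:

```python
import ast

# Constructed sample of a .crash-style "Key: value" report. The field names and
# the idea that one field carries a Python literal are assumptions for this
# example, not apport's real format.
BENIGN_REPORT = """ProblemType: Crash
ExecutablePath: /usr/bin/example
ExampleSettings: {'restart': True, 'retries': 3}
"""

# Same layout, but the field holds an expression instead of a literal. It is
# harmless here (it only compares a string length), yet eval() runs it anyway.
EXPRESSION_REPORT = """ProblemType: Crash
ExecutablePath: /usr/bin/example
ExampleSettings: {'restart': len('abc') > 1}
"""


def parse_report(text):
    """Split a Key: value report into a dict (single-line values only)."""
    fields = {}
    for line in text.splitlines():
        if ':' in line:
            key, _, value = line.partition(':')
            fields[key.strip()] = value.strip()
    return fields


def load_field_with_eval(report_text, key):
    """The pattern the release note warns about: eval() executes any expression."""
    return eval(parse_report(report_text)[key])


def load_field_safely(report_text, key):
    """Decode a field as a Python literal only; anything else is rejected.

    ast.literal_eval accepts strings, numbers, tuples, lists, dicts, sets,
    booleans and None, and raises ValueError for names, calls, comparisons
    and other expressions, so a crafted field cannot run code. It is not a
    guard against resource exhaustion on very large or deeply nested input.
    """
    value = parse_report(report_text)[key]
    try:
        return ast.literal_eval(value)
    except (ValueError, SyntaxError):
        return None  # treat a non-literal field as absent rather than run it


if __name__ == '__main__':
    print(load_field_safely(BENIGN_REPORT, 'ExampleSettings'))
    print(load_field_safely(EXPRESSION_REPORT, 'ExampleSettings'))
    print(load_field_with_eval(EXPRESSION_REPORT, 'ExampleSettings'))
```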