Hanno Böck

Results 30 comments of Hanno Böck

You mean the grep part here?
```
if ! apt-key list 5AFA7A83 | grep -q -E "1024|4096"; then
```
I just tried, but it seems there's no way to let...

@sualko the if clause is probably no security issue, but the --recv-key with the short key id is. But as a rule of thumb: Short key ids aren't unique, and...

FYI this was my talk, but the ACME/XSS thing wasn't from me, I just mention it, original source is: https://labs.detectify.com/2018/09/04/xss-using-quirky-implementations-of-acme-http-01/

Reading the Bugzilla discussion I then believe there's no ideal solution and the best course of action would probably be to just leave the stray pid file and not emit...

Personally I use Gentoo, so that's probably Linux. I may look into packaging it for Gentoo, because I'm kinda unhappy with the reliability of existing cron options, but no promises.

make output:
```
cc -g -Wall -Wno-unused -Wno-comment -I. -c -o cron.o cron.c
cc -g -Wall -Wno-unused -Wno-comment -I. -c -o database.o database.c
cc -g -Wall -Wno-unused -Wno-comment -I. -c...
```

`use_pty` should not just be implemented, but also be enabled by default, otherwise on Linux there are privilege escalations with TIOCSTI and TIOCLINUX ioctls. See also https://github.com/sudo-project/sudo/issues/258

I would prefer some clarification here, as I want to use xmltodict for a project where security against malicious input is relevant. I found this bug, as well as another...

Just to summarize this issue, as I think this can confuse others who might find this report: There is no security problem with currently supported versions of expat and python....