Hello!
I want to pay your attention to realisation of export_params() function
(in Config.pm file). It exports environment variables without any
sanitizing, that sometimes can lead to errors, e.g. if variables contain
quotes and/or new line symbols.
The example is posted here: https://qa.mandriva.com/show_bug.cgi?id=64188
The unusual value of $EDITOR leads to impossibility to start Shorewall.
--
Best regards,
Dmitry Mikhirev
GNU/Linuxcenter
http://gnu.linuxcenter.ru
------------------------------------------------------------------------------
Why Cloud-Based Security and Archiving Make Sense
Osterman Research conducted this study that outlines how and why cloud
computing security and archiving is rapidly being adopted across the IT
space for its ease of implementation, lower cost, and increased
reliability. Learn more. http://www.accelacomm.com/jaw/sfnl/114/51425301/
On Fri, 2011-09-09 at 18:36 +0400, Dmitry Mikhirev wrote:> Hello! > > I want to pay your attention to realisation of export_params() function > (in Config.pm file). It exports environment variables without any > sanitizing, that sometimes can lead to errors, e.g. if variables contain > quotes and/or new line symbols. > > The example is posted here: https://qa.mandriva.com/show_bug.cgi?id=64188 > The unusual value of $EDITOR leads to impossibility to start Shorewall.Hello Dmitry, Here is a patch that applies with an offset to 4.4.19 (which is what the bug report refers to). It corrects the problem as far as I can tell. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Why Cloud-Based Security and Archiving Make Sense Osterman Research conducted this study that outlines how and why cloud computing security and archiving is rapidly being adopted across the IT space for its ease of implementation, lower cost, and increased reliability. Learn more. http://www.accelacomm.com/jaw/sfnl/114/51425301/
On 09/09/2011 08:03 PM, Tom Eastep wrote:> On Fri, 2011-09-09 at 18:36 +0400, Dmitry Mikhirev wrote: >> Hello! >> >> I want to pay your attention to realisation of export_params() function >> (in Config.pm file). It exports environment variables without any >> sanitizing, that sometimes can lead to errors, e.g. if variables contain >> quotes and/or new line symbols. >> >> The example is posted here: https://qa.mandriva.com/show_bug.cgi?id=64188 >> The unusual value of $EDITOR leads to impossibility to start Shorewall. > Hello Dmitry, > > Here is a patch that applies with an offset to 4.4.19 (which is what the > bug report refers to). It corrects the problem as far as I can tell. > > -Tom >Thank you for quick reply! I have updated package in Mandriva repo. ------------------------------------------------------------------------------ Doing More with Less: The Next Generation Virtual Desktop What are the key obstacles that have prevented many mid-market businesses from deploying virtual desktops? How do next-generation virtual desktops provide companies an easier-to-deploy, easier-to-manage and more affordable virtual desktop model.http://www.accelacomm.com/jaw/sfnl/114/51426474/