From kde-commits Mon Mar 08 21:10:30 2004
From: Ladislav Strojil
Date: Mon, 08 Mar 2004 21:10:30 +0000
To: kde-commits
Subject: Re: kdelibs/kate/plugins [POSSIBLY UNSAFE]
Message-Id: <200403082210.32835.Ladislav.Strojil () seznam ! cz>
X-MARC-Message: https://marc.info/?l=kde-commits&m=107878024225766

On Monday 08 of March 2004 22:01, Anders Lund wrote:
> On Monday 08 March 2004 21:42, Anders Lund wrote:
> >   A             autobookmarker/autobookmarker.cpp   1.1 [POSSIBLY UNSAFE: KRun::runCommand] [UNKNOWN]
> >   A             autobookmarker/autobookmarker.h     1.1 [UNKNOWN]
>
> Could anyone kindly fill me in on what triggers these warnings?
>
> The code using KRun was copied from another file, which iirc did not
> trigger any warning when it was added, a few years back. And what is the
> UNKNOWN about?

AFAIK the script was added not so long ago (it's not a few years back) and it
checks for licence and for occurrence of "evil" commands like "printf",
"exec", "system" or whatsoever might pose a security risk. It does not say
the code is unsafe, it just points out that it might be worth double-checking
the arguments to these functions.

HTH,
Láďa

--
~ Ladislav Strojil, MFF UK    ' v '
                             // \\
                             /( )\
Powered by Penguin.           ^ ' ^
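The kind of check the reply describes, as an added example rather than the KDE commit script itself: scan a file for calls whose arguments deserve a second look and for a recognisable licence header, emitting tags in the style of the "[POSSIBLY UNSAFE: ...]" and "[UNKNOWN]" markers quoted above. The function list, licence markers and sample sources are constructed assumptions, not kate's code.

```python
"""Constructed re-creation of a commit-mail safety/licence check.

Added example, not the KDE script; RISKY_CALLS, LICENCE_MARKERS and the
sample sources below are assumptions modelled on the tags in the thread."""
import re

# Calls whose arguments a reviewer should double-check when they land in a commit.
RISKY_CALLS = ("system", "popen", "exec", "execl", "execv", "printf",
               "KRun::runCommand", "KProcess", "QProcess::start")

# Phrases taken as evidence that the file carries a recognised licence header.
LICENCE_MARKERS = ("GNU General Public License",
                   "GNU Lesser General Public License",
                   "Lesser General Public", "BSD", "MIT License")

def check_source(text: str) -> list:
    """Return the tags a reviewer would see for one file's contents."""
    found = []
    for name in RISKY_CALLS:
        # Identifier followed by '(' with no identifier character before it,
        # so 'fprintf(' and 'snprintf(' do not trigger the 'printf' rule,
        # while 'std::system(' still matches 'system'.
        pattern = r"(?<![A-Za-z0-9_])" + re.escape(name) + r"\s*\("
        if re.search(pattern, text):
            found.append(name)
    tags = []
    if found:
        tags.append("[POSSIBLY UNSAFE: " + ", ".join(found) + "]")
    if not any(marker in text for marker in LICENCE_MARKERS):
        tags.append("[UNKNOWN]")  # licence could not be determined
    return tags

# Constructed sample: licensed file using KRun::runCommand (not kate's code).
SAMPLE_LICENSED = """\
/* This library is free software; you can redistribute it and/or
   modify it under the terms of the GNU Lesser General Public License. */
void Demo::run(const QString &cmd) {
    KRun::runCommand(cmd);
    fprintf(stderr, "%s\\n", "done");
}
"""

# Constructed sample: no licence header, shells out via system().
SAMPLE_UNLICENSED = 'int main() { return system("ls"); }'

if __name__ == "__main__":
    for src in (SAMPLE_LICENSED, SAMPLE_UNLICENSED):
        print(" ".join(check_source(src)) or "(clean)")
```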