Send patches - preferably formatted by git format-patch - to patches at archlinux32 dot org.
summaryrefslogtreecommitdiff
path: root/COPYING
diff options
context:
space:
mode:
authorAndrew Gregory <andrew.gregory.8@gmail.com>2019-06-09 09:56:36 -0700
committerAndrew Gregory <andrew.gregory.8@gmail.com>2019-10-12 07:04:20 -0700
commit808a4f15ce82d2ed7eeb06de73d0f313620558ee (patch)
tree9676438a2034e4cb7b0aba96b1512a8f8fa84efd /COPYING
parenta82b0028e431dbd8bb3512c3193b52985da82ec2 (diff)
run XferCommand via exec
system() runs the provided command via a shell, which is subject to command injection. Even though pacman already provides a mechanism to sign and verify the databases containing the urls, certain distributions have yet to get their act together and start signing databases, leaving them vulnerable to MITM attacks. Replacing the system call with an almost equivalent exec call removes the possibility of a shell-injection attack for those users. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Diffstat (limited to 'COPYING')
0 files changed, 0 insertions, 0 deletions

Copyright © 2002-2022 Judd Vinet and Aaron Griffin. Copyright © 2022 Erich Eckner.
The Arch Linux name and logo are recognized trademarks. Some rights reserved. The registered trademark Linux® is used pursuant to a sublicense from LMI, the exclusive licensee of Linus Torvalds, owner of the mark on a world-wide basis.