> -----Original Message-----
> From: Development [mailto:development-bounces+mitch.curtis=qt.io@qt-
> project.org] On Behalf Of Kevin Kofler
> Sent: Tuesday, 6 March 2018 3:06 PM
> To: development@qt-project.org
> Subject: Re: [Development] Making QObject::dumpObjectTree() and
> QObject::dumpObjectInfo() invokable
> 
> Mitch Curtis wrote:
> > https://codereview.qt-project.org/#/c/221758/ makes
> > QObject::dumpObjectTree() and QObject::dumpObjectInfo() invokable so
> > that they can be used from QML.
> 
> Would this have any security impact? I'm thinking of issues like ASLR bypass
> or other information leakage, if these end up being invokable from untrusted
> scripts. Or is all the information contained there already available to QML?

I was hoping someone else would answer this because I have no idea what ASLR 
bypass is, but I can say that the information is already available to QML, at 
the very least by exposing it from C++, if that's what you mean.

>         Kevin Kofler
> 
> _______________________________________________
> Development mailing list
> Development@qt-project.org
> http://lists.qt-project.org/mailman/listinfo/development
_______________________________________________
Development mailing list
Development@qt-project.org
http://lists.qt-project.org/mailman/listinfo/development

Reply via email to