Hello,

Holger Fretyher and I concluded that there's a security issue in the VFSAddOns package.

Code like this:

PackageLoader fileInPackage: 'VFSAddOns'.
((File name: 'dontcare') zip) createDirectory: '; xterm'.

Will not only try to open the zip, but also execute xterm, which shouldn't be possible.
Now I'm wondering what would be the best way to fix this.

Paolo Bonzini suggested that doing something like:

st> 'abc'';xterm' asFile displayNl
'abc'\'';xterm'

might fix something.

I wonder if this would suffice or if there probably exists something like the execvp system call for gnu-smalltalk?

Also, VFSAddOns contained two bugs which made it impossible to use. I think I've fixed those now, so I'll try to submit those later. Where should I do this?

_______________________________________________
help-smalltalk mailing list
[email protected]
https://lists.gnu.org/mailman/listinfo/help-smalltalk
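
The quoting suggested in the message above, next to the execvp-style alternative it asks about, as an added POSIX shell example (not part of the original message, and not GNU Smalltalk or VFSAddOns code). The helper names sh_quote, run_unquoted, run_quoted and run_argv are hypothetical; printf stands in for the archive tool and "echo INJECTED" is a harmless constructed stand-in for the injected command.

```shell
#!/bin/sh
# Added illustration; not GNU Smalltalk or VFSAddOns code.
# printf stands in for the archive tool a wrapper would launch, and
# "echo INJECTED" is a harmless, constructed stand-in for an injected command.

# sh_quote NAME: wrap NAME in single quotes and rewrite each embedded ' as '\''
# (the transformation visible in the asFile displayNl output in the message).
# The trailing "." keeps $(...) from stripping trailing newlines in NAME.
sh_quote() {
    q=$(printf '%s.' "$1" | sed "s/'/'\\\\''/g")
    printf "'%s'" "${q%.}"
}

# Vulnerable pattern: the name is pasted into the command string, so the
# shell parses it as code.
run_unquoted() { sh -c "printf '[%s]' $1"; }

# Mitigation 1: quote the name before pasting it into the command string.
run_quoted() { sh -c "printf '[%s]' $(sh_quote "$1")"; }

# Mitigation 2 (the execvp-style approach): keep the command string constant
# and pass the name as a separate argument, so it is never parsed as code.
run_argv() { sh -c 'printf "[%s]" "$1"' sh "$1"; }

name="; echo INJECTED"          # constructed sample input
printf 'unquoted: %s\n' "$(run_unquoted "$name")"
printf 'quoted:   %s\n' "$(run_quoted "$name")"
printf 'argv:     %s\n' "$(run_argv "$name")"
```

Quoting only holds if every value pasted into the command string goes through it; passing the name as an argument removes the shell parsing step altogether.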
