On Thu, Oct 17, 2019 at 05:01:46PM +0200, Morten Linderud wrote: > On Sun, Jun 09, 2019 at 10:13:55AM -0700, Andrew Gregory wrote: > > --- > > > > systemvp should pretty much be a drop-in replacement for system with > > the exception that it takes an argv array and uses exec. If anybody > > wants to play with it to stress test it a little, I have > > a self-contained copy and test program at: > > https://github.com/andrewgregory/snippets/blob/systemv/c/systemv.c > > > > TODO: > > * update docs > > * fix debug logging > > * should the command be run with PATH lookup (execv vs execvp)? > > * Is the use of mmap with MAP_ANONYMOUS okay? MAP_ANONYMOUS is > > not POSIX but "most systems also support MAP_ANONYMOUS (or its > > synonym MAP_ANON)" (mmap(2)). > > * should we reset signals prior to exec'ing like we do with > > hooks/scripts? > > This issue was assigned CVE-2019-18182. > > https://security.archlinux.org/CVE-2019-18182 > > I'm fixing the AVG whenever pacman 5.2 is released if Xfer isn't included. >
Uh. I might not have paid attention. Eli mentioned on -security Xfer might not be included in the upcomming release, but then anthraxx pointed out it's in master :o Whats the status? -- Morten Linderud PGP: 9C02FF419FECBE16
signature.asc
Description: PGP signature
