On Thu, Oct 17, 2019 at 11:47:58AM -0400, Eli Schwartz wrote:
> On 10/17/19 11:04 AM, Morten Linderud wrote:
> > On Thu, Oct 17, 2019 at 05:01:46PM +0200, Morten Linderud wrote:
> >> On Sun, Jun 09, 2019 at 10:13:55AM -0700, Andrew Gregory wrote:
> >>> ---
> >>>
> >>> systemvp should pretty much be a drop-in replacement for system with
> >>> the exception that it takes an argv array and uses exec. If anybody
> >>> wants to play with it to stress test it a little, I have
> >>> a self-contained copy and test program at:
> >>> https://github.com/andrewgregory/snippets/blob/systemv/c/systemv.c
> >>>
> >>> TODO:
> >>> * update docs
> >>> * fix debug logging
> >>> * should the command be run with PATH lookup (execv vs execvp)?
> >>> * Is the use of mmap with MAP_ANONYMOUS okay? MAP_ANONYMOUS is
> >>>   not POSIX but "most systems also support MAP_ANONYMOUS (or its
> >>>   synonym MAP_ANON)" (mmap(2)).
> >>> * should we reset signals prior to exec'ing like we do with
> >>>   hooks/scripts?
> >>
> >> This issue was assigned CVE-2019-18182.
> >>
> >> https://security.archlinux.org/CVE-2019-18182
> >>
> >> I'm fixing the AVG whenever pacman 5.2 is released if Xfer isn't included.
> >>
> >
> > Uh. I might not have paid attention. Eli mentioned on -security Xfer might not
> > be included in the upcoming release, but then anthraxx pointed out it's in
> > master :o What's the status?
>
> Just to clarify, "might not be included in the upcoming release" was
> before the v2 patch series posted on Friday. Before then, it was unclear
> if the v1 patch series (which was marked as WIP with some TODO items)
> would be finished before the upcoming release.
>
> This has landed in master as the following commit:
>
> https://git.archlinux.org/pacman.git/commit/?id=808a4f15ce82d2ed7eeb06de73d0f313620558ee
>
> And is mentioned in the NEWS file which is prepared here:
> https://patchwork.archlinux.org/patch/1280/
>
Ack thanks. That was what anthraxx also wrote to me but the previous mail was
sent a bit too quickly.

--
Morten Linderud
PGP: 9C02FF419FECBE16
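
What "takes an argv array and uses exec" in the quoted patch notes means in practice, as an added example that is not part of this thread, of Andrew Gregory's systemv.c, or of pacman. `run_argv` and `exit_code` are hypothetical names, and the arguments in `main` are constructed.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper, not pacman's systemvp: run argv[0] via PATH lookup
 * with no shell, handling signals in the parent the way system() does.
 * Returns the wait status, or -1 if fork or waitpid fails. */
int run_argv(char *const argv[])
{
    struct sigaction ign, oldint, oldquit;
    sigset_t block, oldmask;
    int status = -1;
    pid_t pid;
    ign.sa_handler = SIG_IGN;
    ign.sa_flags = 0;
    sigemptyset(&ign.sa_mask);
    sigaction(SIGINT, &ign, &oldint);
    sigaction(SIGQUIT, &ign, &oldquit);
    sigemptyset(&block);
    sigaddset(&block, SIGCHLD);
    sigprocmask(SIG_BLOCK, &block, &oldmask);
    pid = fork();
    if (pid == 0) {
        /* child: restore the caller's signal state, then exec directly */
        sigaction(SIGINT, &oldint, NULL);
        sigaction(SIGQUIT, &oldquit, NULL);
        sigprocmask(SIG_SETMASK, &oldmask, NULL);
        execvp(argv[0], argv);
        _exit(127); /* exec failed: the status system() also reports */
    }
    while (pid > 0 && waitpid(pid, &status, 0) == -1)
        if (errno != EINTR) { status = -1; break; }
    sigaction(SIGINT, &oldint, NULL);
    sigaction(SIGQUIT, &oldquit, NULL);
    sigprocmask(SIG_SETMASK, &oldmask, NULL);
    return status;
}

/* Exit code from a wait status, or -1 if the child did not exit normally. */
int exit_code(int st) { return (st != -1 && WIFEXITED(st)) ? WEXITSTATUS(st) : -1; }

int main(void)
{
    char *argv[] = { "true", "; exit 7", NULL }; /* constructed input */
    return exit_code(run_argv(argv)); /* ';' reaches true as a plain argument */
}
```

Passing the same text as one string, `system("true ; exit 7")`, hands it to `/bin/sh`, which treats `;` as a command separator and exits with 7. With the argv form no shell parses the string, so quoting and separators in an argument have no effect on what gets executed.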
