On Thursday, June 29, 2017 at 1:26:57 AM UTC-4, Vít Šesták wrote: > It might be pointless to consider risks of passing result of qvm-run -p to > dom0 Bash expansion when you have path traversal in the first place. When > command «ls > /etc/NetworkManager/system-connections/» in sys-net returns paths like > “../.bashrc ../../.bashrc ../../../.bashrc” and the cat command returns some > arbitrary shell commands, you are close to be totally compromised by a > malicious sys-net. > > Regards, > Vít Šesták 'v6ak'
Thanks, you identified the problem more precisely than I would know how to. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0f4b6782-3320-4d14-831c-ee35425ea00d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
