Revision 38cabfc...

Go back to digest for 6th April 2014

Security in KDE-PIM

Jan Kundrát committed changes in [trojita] src/Ubuntu/main.cpp:

Ubuntu: fix insecure access to CWD when looking up files

The logic was apparently to make sure that we can find the QML file when run
straight from the build dir. However, it is important to use the path to the
application binary instead of the $CWD because otherwise Trojita would do an
extremely dumb thing when called from inside an attacker-controlled directory.

This commit also adds the path to the app's exec file to the list of paths to
perform the lookup in order to preserve the desired functionality.

File Changes

Modified 1 file
  • src/Ubuntu/main.cpp
1 file changed in total
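The lookup pattern the commit message describes, as an added example that is not Trojita's code and not part of the commit: it uses plain C++17 `std::filesystem` rather than Qt, and contrasts a search list that includes the current working directory with one built from the executable's directory. The function names, the `main.qml` file name and the directory layout are constructed for illustration, and `/proc/self/exe` is Linux-specific.

```cpp
#include <filesystem>
#include <fstream>
#include <optional>
#include <string>
#include <vector>
namespace fs = std::filesystem;

// First regular file `name` found in `dirs`. Non-absolute entries are skipped:
// an empty or relative directory would quietly resolve against the CWD again.
std::optional<fs::path> findIn(const std::vector<fs::path>& dirs, const std::string& name) {
    for (const auto& d : dirs) {
        std::error_code ec;
        if (d.is_absolute() && fs::is_regular_file(d / name, ec)) return d / name;
    }
    return std::nullopt;
}
// Insecure pattern: the CWD is searched first, so whoever controls the
// directory the program was started from decides which file gets loaded.
std::optional<fs::path> lookupViaCwd(const fs::path& installDir, const std::string& name) {
    return findIn({fs::current_path(), installDir}, name);
}
// Hardened pattern: only the executable's directory and the install directory.
std::optional<fs::path> lookupViaExeDir(const fs::path& exeDir, const fs::path& installDir,
                                        const std::string& name) {
    return findIn({exeDir, installDir}, name);
}
// Directory of the running binary (Linux-specific; empty path on failure).
fs::path executableDir() {
    std::error_code ec;
    fs::path exe = fs::read_symlink("/proc/self/exe", ec);
    return ec ? fs::path() : exe.parent_path();
}
// Constructed scenario: `build` stands in for the executable's directory and
// `untrusted` for an attacker-controlled CWD holding a same-named file.
bool demo() {
    fs::path base = fs::temp_directory_path() / "cwd_lookup_demo";
    fs::path build = base / "build", untrusted = base / "untrusted", old = fs::current_path();
    fs::create_directories(build);
    fs::create_directories(untrusted);
    std::ofstream(build / "main.qml") << "// shipped\n";
    std::ofstream(untrusted / "main.qml") << "// planted\n";
    fs::current_path(untrusted);
    auto weak = lookupViaCwd("/nonexistent-install", "main.qml");
    auto safe = lookupViaExeDir(build, "/nonexistent-install", "main.qml");
    fs::current_path(old);
    return weak && safe && weak->parent_path() != build && *safe == build / "main.qml";
}
int main() { return demo() ? 0 : 1; }
```

Because `findIn` drops non-absolute entries, a failed `executableDir()` call (empty path) cannot turn the hardened lookup back into a CWD lookup.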