Revision eebcb17...

Go back to digest for 9th November 2014

Security in KDE Base

David Edmundson committed changes in [kde-workspace/KDE/4.11] /dateandtime:

Do not pass ntpUtility as an argument to datetime helper

Passing the name of a binary to run to a polkit helper is a security
risk as it allows any arbitrary process to be executed.

This patch moves the detection of ntp utility location into the helper

REVIEW: 120977

File Changes

Modified 3 files
  • /dateandtime
  •   kcontrol/dtime.cpp
  •   kcontrol/helper.cpp
  •   kcontrol/helper.h
3 files changed in total