feat: Fix security vulnerability #689

Merged
merged 1 commit into from
Nov 26, 2024

@fly602 (Contributor) commented Nov 26, 2024

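Because environ is controlled by the sender, privilege-escalation logic can be injected into the daemon through the sender's env.
Only the sender's DISPLAY environment variable is needed.

Log: Fix security vulnerability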
pms: TASK-101537

@deepin-ci-robot

deepin pr auto review

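Key summary:

  • In the modified code, the environ variable is initialized to the value of os.Environ(), and then the DISPLAY environment variable and LC_ALL=C are added. This may override the original environment variable settings; it needs to be confirmed whether this is the intended behavior.
  • environ.Get("DISPLAY") may be a custom method; it needs to be ensured that it returns a string type and does not raise an error.

Is immediate modification recommended:

  • Yes, it needs to be confirmed whether the environment variable changes are as intended, and the correctness and safety of the environ.Get("DISPLAY") method must be ensured.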
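
An added example, not code from this pull request or the project, of the pattern the description and review above discuss: start from the daemon's own environment and accept only a validated DISPLAY from the sender. The function names, the DISPLAY pattern and the sample values are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// displayRe accepts X11 display names such as ":0", ":1.0" or "host:10.0".
// Assumption for this example: any other form is rejected.
var displayRe = regexp.MustCompile(`^[A-Za-z0-9.-]*:[0-9]+(\.[0-9]+)?$`)

// senderDisplay returns the DISPLAY value from the caller-supplied
// KEY=VALUE list and whether it passed validation. Nothing else is read.
func senderDisplay(senderEnv []string) (string, bool) {
	for _, kv := range senderEnv {
		if strings.HasPrefix(kv, "DISPLAY=") {
			v := strings.TrimPrefix(kv, "DISPLAY=")
			return v, displayRe.MatchString(v)
		}
	}
	return "", false
}

// buildChildEnv starts from the daemon's own environment (base) and adds
// only the validated sender DISPLAY plus LC_ALL=C.
func buildChildEnv(base, senderEnv []string) []string {
	env := make([]string, 0, len(base)+2)
	for _, kv := range base {
		// Drop the keys set below so the result has no duplicate entries.
		if strings.HasPrefix(kv, "DISPLAY=") || strings.HasPrefix(kv, "LC_ALL=") {
			continue
		}
		env = append(env, kv)
	}
	if d, ok := senderDisplay(senderEnv); ok {
		env = append(env, "DISPLAY="+d)
	}
	return append(env, "LC_ALL=C")
}

func main() {
	// Constructed sample input: the daemon's environment and a sender's.
	base := []string{"HOME=/root", "DISPLAY=:9", "LC_ALL=en_US.UTF-8"}
	sender := []string{"UNTRUSTED_VAR=from-sender", "DISPLAY=:0"}
	fmt.Println(buildChildEnv(base, sender))
}
```

Dropping the daemon's existing DISPLAY and LC_ALL entries before appending is a choice made in this example so the child never sees two values for the same key.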

@deepin-ci-robot

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: caixr23, fly602

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@fly602 fly602 merged commit 095ab34 into linuxdeepin:release/6.0 Nov 26, 2024
14 of 16 checks passed