From FedoraProject

Revision as of 18:49, 11 January 2013 by Mitr (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Note that the "exampleshell"'s use of os.system() is insecure. This is "only" a matter of handling invalid input correctly if the shell is run by root. But if this software becomes popular, it will almost certainly invoked with data originating from untrusted users, and therefore become a root privilege escalation vulnerability.