mirror of
https://github.com/alsa-project/alsa-lib.git
synced 2025-10-29 05:40:25 -04:00
The Advanced Linux Sound Architecture (ALSA) - library
cb34cee0d8
As suggested in POSIX[1], wordexp might execute the shell. If the libc implementation does so, it will break the firefox sandbox which does not allow exec. This happened on Alpine Linux with musl libc[2]. Since we cannot guarantee that the system wordexp implementation does not execute shell, we cannot really use it, and need to implement the ~/ expansion ourselves. We provide a configure option --with-wordexp for users that still may need it, but we leave this off by default because wordexp is a large attack vector and it is better to avoid it. [1]: http://pubs.opengroup.org/onlinepubs/9699919799/functions/wordexp.html#tag_16_684_08 [2]: http://bugs.alpinelinux.org/issues/7454#note-2 Signed-off-by: Natanael Copa <ncopa@alpinelinux.org> Signed-off-by: Takashi Iwai <tiwai@suse.de> |
||
|---|---|---|
| alsalisp | ||
| aserver | ||
| doc | ||
| include | ||
| m4 | ||
| modules | ||
| src | ||
| test | ||
| utils | ||
| .gitignore | ||
| acinclude.m4 | ||
| ChangeLog | ||
| configure.ac | ||
| COPYING | ||
| gitcompile | ||
| INSTALL | ||
| Makefile.am | ||
| MEMORY-LEAK | ||
| NOTES | ||
| TODO | ||