mirror of https://github.com/DreamMaoMao/maomaowm.git
synced 2026-05-03 06:46:38 -04:00
security: fix command execution and null-termination issues
Closes security vulnerabilities and documentation gaps:

1. Remove shell expansion from config-driven exec/exec-once
   - Eliminate wordexp() usage in spawn()
   - Add split_argv_noexpand() for safe argument parsing
   - Change run_exec() and run_exec_once() to use spawn() instead of spawn_shell()
   - Prevents shell injection and expansion-based DoS

2. Fix null-termination in chvt_backup_selmon
   - Add explicit null-terminator after strncpy() in chvt()
   - Prevents out-of-bounds read when used in regex_match()

3. Add regression test
   - New test_chvt_backup_selmon unit test to verify null-termination logic
   - Integrate tests into meson.build

4. Translate Chinese comments to English
   - Update IMPLEMENTATION_SUMMARY.md to remove Chinese text
   - Improves accessibility for international contributors

5. Update documentation
   - Update REVIEW_FINDINGS.md with English versions of examples
   - Remove wordexp include from meson.c headers (no longer needed)
parent 5d2f052886
commit 5597a5ab80
8 changed files with 128 additions and 49 deletions
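As an added illustration of item 1 of the commit message (this is not the project's `split_argv_noexpand()`, whose code is not shown on this page), the sketch below splits a config command line into an argv without any shell expansion. The name `split_noexpand`, its quoting rules (quotes group only, no backslash escapes) and the sample strings are assumptions made for the example.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: split on whitespace, treating '...' and "..." as
 * grouping only. $VAR, $(cmd), `cmd`, ~ and globs stay literal bytes.
 * Returns a NULL-terminated array, or NULL on unbalanced quote or OOM. */
char **split_noexpand(const char *line, int *argc_out) {
    size_t len = strlen(line), cap = 8, n;
    int argc = 0;
    const char *p = line;
    char *buf = malloc(len + 1), *tok;   /* a token never exceeds the line */
    char **argv = malloc(cap * sizeof *argv), **tmp;
    if (!buf || !argv) goto fail;
    for (;;) {
        while (isspace((unsigned char)*p)) p++;
        if (!*p) break;
        char quote = 0;
        for (n = 0; *p && (quote || !isspace((unsigned char)*p)); p++) {
            if (quote && *p == quote) quote = 0;
            else if (!quote && (*p == '\'' || *p == '"')) quote = *p;
            else buf[n++] = *p;
        }
        if (quote) goto fail;            /* unbalanced quote: reject, do not guess */
        buf[n] = '\0';
        if ((size_t)argc + 2 > cap) {    /* keep room for token + NULL terminator */
            if (!(tmp = realloc(argv, 2 * cap * sizeof *argv))) goto fail;
            argv = tmp; cap *= 2;
        }
        if (!(tok = malloc(n + 1))) goto fail;
        memcpy(tok, buf, n + 1);
        argv[argc++] = tok;
    }
    argv[argc] = NULL;
    free(buf);
    if (argc_out) *argc_out = argc;
    return argv;
fail:
    while (argv && argc > 0) free(argv[--argc]);
    free(argv);
    free(buf);
    return NULL;
}

int main(void) {   /* constructed config value, not taken from the project */
    int n;
    char **av = split_noexpand("notify-send \"$(id)\" *.txt", &n);
    return (av && n == 3) ? 0 : 1;   /* av is suitable for execvp(av[0], av) */
}
```

Because the array is passed to an exec-family call rather than to `/bin/sh -c`, a config value containing `$(...)` or a glob reaches the child as a literal argument.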
@ -330,10 +330,10 @@ for common cases (e.g., < 32 windows).
**Examples:**
- Line 18: `# 如果 sysconfdir 以 prefix 开头,去掉 prefix`
- Line 22: `# 确保 sysconfdir 是绝对路径`
- Line 18: `# If sysconfdir starts with prefix, remove prefix`
- Line 22: `# Ensure sysconfdir is an absolute path`
- Line 27-29: Debug output comments
- Line 44: `# 获取版本信息`
- Line 44: `# Get version information`
**Impact:** Reduces accessibility for international contributors
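Review bot: Replacing the quoted examples `# 如果 sysconfdir 以 prefix 开头,去掉 prefix`, `# 确保 sysconfdir 是绝对路径` and `# 获取版本信息` with their English translations leaves this finding without evidence: the **Examples:** list now shows English comments, while the unchanged **Impact:** line still says they reduce accessibility for international contributors. If the comments in the referenced file were translated in this commit, mark the finding as resolved or remove it instead of rewriting what it quoted; if they were not, keep the original quotes and put the translation beside each one. The unchanged `Line 27-29: Debug output comments` entry quotes no text at all, so a reader cannot tell whether it still applies.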