[pve-devel] [PATCH RFC container] include custom lxc options when displaying config
Dietmar Maurer
dietmar at proxmox.com
Wed Jun 15 15:54:41 CEST 2016
> >
> > > + my $v = PVE::Tools::encode_text(@$lxc_opt[1]);
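Review bot: `@$lxc_opt[1]` on the added line is a one-element array slice, where a single element is meant. `$lxc_opt->[1]` says that directly and is the more usual way to index through an array reference. Since the reason for calling `PVE::Tools::encode_text()` is asked about right below, a one-line comment above the assignment saying the value is user-provided and gets printed to the terminal would make the intent clear in the code itself.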
> >
> > why do you call PVE::Tools::encode_text() here?
>
> because this is an unvalidated, user provided value that is printed to the
> shell/terminal
IMHO that is not really dangerous
> (we do the same for the description).
because we store them in this format, so the file content is exactly what is
printed.
> I can't think of anything really dangerous atm, but you can at least hide
> stuff (for example, lines or parts of lines) using terminal escape sequences.
Ah, but only root can add those lines?
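The concern discussed in this thread, as an added example that is not part of the original mail or of the Proxmox code base: a raw config value containing terminal control characters is made visible by percent-encoding them before printing. The helper `escape_for_terminal` and the sample entries are assumptions made for illustration; this is not the implementation of `PVE::Tools::encode_text`.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper (assumption, not PVE::Tools::encode_text):
# percent-encode C0 control characters and DEL, plus '%' itself so the
# encoded output stays unambiguous and can be decoded again.
sub escape_for_terminal {
    my ($text) = @_;
    $text =~ s/([%\x00-\x1f\x7f])/sprintf("%%%02X", ord($1))/ge;
    return $text;
}

# Returns true if the value contains anything the terminal would
# interpret rather than display.
sub has_control_chars {
    my ($text) = @_;
    return $text =~ /[\x00-\x1f\x7f]/ ? 1 : 0;
}

# Constructed sample of raw entries as [key, value] pairs, the shape the
# patch line indexes with [1]. The second value ends in CR + ESC [ 2 K
# (erase line), so printed unencoded the line would vanish from the screen.
my @lxc = (
    ['lxc.aa_profile',  'unconfined'],
    ['lxc.mount.entry', "/srv srv none bind 0 0\r\e[2K"],
);

for my $opt (@lxc) {
    my ($k, $v) = @$opt;
    my $flag = has_control_chars($v) ? ' (control characters encoded)' : '';
    printf "%s: %s%s\n", $k, escape_for_terminal($v), $flag;
}
```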