[pve-devel] [PATCH RFC container] include custom lxc options when displaying config
Wolfgang Bumiller
w.bumiller at proxmox.com
Thu Jun 16 08:56:59 CEST 2016
> On June 15, 2016 at 3:54 PM Dietmar Maurer <dietmar at proxmox.com> wrote:
>
>
> > >
> > > > + my $v = PVE::Tools::encode_text(@$lxc_opt[1]);
> > >
> > > why do you call PVE::Tools::encode_text() here?
> >
> > because this is an unvalidated, user provided value that is printed to the
> > shell/terminal
>
> IMHO that is not really dangerous
Unless your terminal implements the right features...
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0063
More information about the pve-devel
mailing list