WARNING: malicious code
Reindl Harald
h.reindl at thelounge.net
Sun Jul 6 11:48:47 UTC 2014
Am 06.07.2014 13:41, schrieb Sandro Mani:
> On 06.07.2014 13:38, drago01 wrote:
>> On Sun, Jul 6, 2014 at 1:04 PM, Till Maas <opensource at till.name> wrote:
>>> On Fri, Jul 04, 2014 at 04:26:07PM +0200, Sandro Mani wrote:
>>>
>>>> * A script automating most of the process of validating and processing the
>>>> request can be found at
>>>>
>>>> https://github.com/manisandro/fedora-process-simple-patch/blob/master/process-simple-patch.py
>>> Do not run this script, because it contains malicious code that
>>> might remove all files from your system! The code can be found in lines
>>> 301-302:
>>>
>>> | 301 os.chdir("/")
>>> | 302 shutil.rmtree(os.getcwd())
>> Ouch ... can we ban this guy from Fedora?
>
> This is a bit dramatic. I really sincerely apologize for this and please
> realize that I wrote this with the best
> intentions. I've fixed the issue...
how can a "rm -rf currentdir" happen by accident?
and that combined with make / to the current dir?
line 302 is a no-go in general
line 301 before that smells like intention
i can't imagine that two lines together happen by mistake
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 246 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20140706/67a019c0/attachment.sig>
More information about the devel
mailing list