Re: Cuirass news

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Cuirass news

From:	Danny Milosavljevic
Subject:	Re: Cuirass news
Date:	Fri, 26 Jan 2018 15:30:05 +0100

Hi Ludo,

I saw that (cuirass database) has some problems with sql injection.
I defused it a little, see attached patch.

The idea is that sqlite-exec uses sqlite-bind to pass arguments
rather than formatting them on its own.

While we are at it, we can also reuse prepared statements (using the
sqltext as key to find the right one).

I also monitor sqlite accesses now - maybe that's overkill (see "with-mutex").

0001-database-Make-sqlite-exec-reuse-the-prepared-stateme.patch
Description: Text Data

[Prev in Thread]

Current Thread

[Next in Thread]

Cuirass news, Ludovic Courtès, 2018/01/24
- Re: Cuirass news, Mathieu Othacehe, 2018/01/25
  - Re: Cuirass news, Mathieu Othacehe, 2018/01/25
    - Re: Cuirass news, Ludovic Courtès, 2018/01/25
    - Re: Cuirass news, Danny Milosavljevic <=
    - Re: Cuirass news, Ludovic Courtès, 2018/01/27
    - Re: Cuirass news, Danny Milosavljevic, 2018/01/27
    - Re: Cuirass news, Danny Milosavljevic, 2018/01/27
    - Re: Cuirass news, Ludovic Courtès, 2018/01/28
    - Re: Cuirass news, Danny Milosavljevic, 2018/01/28
    - Re: Cuirass news, Andy Wingo, 2018/01/29
- Re: Cuirass news, Ricardo Wurmus, 2018/01/25
  - Re: Cuirass news, Ludovic Courtès, 2018/01/26
- Re: Cuirass news, Danny Milosavljevic, 2018/01/25
  - Re: Cuirass news, Ludovic Courtès, 2018/01/26

Prev by Date: Re: [PATCHES] gnu: linux-libre: Full retpoline support on x86 [spectre mitigation]
Next by Date: Re: [PATCH] Add SELinux policy for guix-daemon.
Previous by thread: Re: Cuirass news
Next by thread: Re: Cuirass news
Index(es):
- Date
- Thread