aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authordylan.araps@gmail.com <dylan.araps@gmail.com>2020-01-27 21:36:50 +0000
committerdylan.araps@gmail.com <dylan.araps@gmail.com>2020-01-27 21:36:50 +0000
commit94cf07d24bb9e47b5fe48ac8145464b37c205148 (patch)
tree88eef50fc53db258a2465ae0bbbe0e0eca52e53e
parent38cc93f53096d38cc02f2b83e5635ff8903e2ce3 (diff)
downloadcpt-94cf07d24bb9e47b5fe48ac8145464b37c205148.tar.gz
kiss: comment
FossilOrigin-Name: b4fd8ba4cc83a0cf450310464a1e2c19825486bcae7d484f3ad9169fd120dff5
-rwxr-xr-xkiss4
1 files changed, 4 insertions, 0 deletions
diff --git a/kiss b/kiss
index dd3b6bd..fbd2ccb 100755
--- a/kiss
+++ b/kiss
@@ -84,6 +84,10 @@ root_cache() {
# Validate the password now with a simple 'true' command as we
# don't yet need to elevate permissions.
+ #
+ # Rather than checking if the '$pass' variable is non-empty,
+ # use an additional variable. The '[' command can be external
+ # which would result in '/proc' leakage.
dosu /bin/true && have_pw=1
}