[Bug 14442] Shell command injection vulnerability in mount.cifs

https://bugzilla.samba.org/show_bug.cgi?id=14442

--- Comment #2 from Vadim Lebedev <vadim@xxxxxxxxxx> ---
It's a step in the right direction,
but consider the case when systemd-ask-password is a shell script (with
#!/bin/sh).
I believe the vulnerability will still be present...
Maybe the best way will be to scan the option string for presence of "$(" and
prefix the '$' by '\' or abort the operation?

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
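
The two options floated in comment #2 (escape the '$' or abort), written out as an added C example that is not part of the bug thread or of the mount.cifs source. It goes beyond the comment by also handling backticks, backslashes and double quotes, and it assumes the option string ends up between double quotes in a command line handed to /bin/sh; both function names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* "Abort" variant: 1 when opt holds no command substitution ("$(" from
 * the comment, plus the backtick form), 0 when the caller should stop. */
int option_has_no_substitution(const char *opt)
{
    return strstr(opt, "$(") == NULL && strchr(opt, '`') == NULL;
}

/* "Escape" variant. Assumption: the result is placed between double
 * quotes, where only $ ` \ and " stay special to sh. Returns 0 on
 * success, -1 if out is too small; out is then emptied so a truncated,
 * half-escaped string can never be used. */
int escape_for_double_quotes(const char *opt, char *out, size_t outlen)
{
    size_t n = 0;

    if (outlen == 0)
        return -1;
    for (; *opt; opt++) {
        int special = strchr("$`\\\"", *opt) != NULL;

        if (n + (special ? 2 : 1) >= outlen) {
            out[0] = '\0';
            return -1;
        }
        if (special)
            out[n++] = '\\'; /* an existing '\' is escaped too, so it cannot cancel ours */
        out[n++] = *opt;
    }
    out[n] = '\0';
    return 0;
}

int main(void)
{
    char buf[64];
    const char *sample = "user=$(id)"; /* constructed input */

    printf("no substitution: %d\n", option_has_no_substitution(sample));
    if (escape_for_double_quotes(sample, buf, sizeof buf) == 0)
        printf("escaped: %s\n", buf);
    return 0;
}
```

Escaping only the '$', as the comment words it, would turn an input that already contains `\$(` into `\\$(`, which the shell reads as a literal backslash followed by a live substitution; that is why the backslash is in the escaped set.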


