mirror of
https://github.com/outbackdingo/openwrt.git
synced 2026-01-28 18:19:58 +00:00
267873ac9b
Current code and also before commitda52dd0c83was vulnerable to shell injection using volume lables in the GPT partition table of block devices. Given that partition names can be freely defined in GPT tables we really shouldn't evaluate a string which is potentially crafted with evil intentions. Hence rather use `export -n` to absorb the uevent's variables into the environment. Fixes commitda52dd0c83(base-files: quote values when evaluating uevent) Signed-off-by: Daniel Golle <daniel@makrotopia.org> [mschiffer@universe-factory.net: suggested export -n usage]