Reply to post:

Until last week, you could pwn KDE Linux desktop with a USB stick

ibmalone Silver badge

For system calls, exec passes the argument list directly, it's system that executes through the shell. But yes, going by other comments, essentially an injection/escaping attack, quite similar to "shellshock". I'd no idea stuff in KDE was doing system type calls, probably calls for a code review.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019