On Thu, 2017-02-02 at 10:39 -0800, Gordon Messmer wrote: > Open a new bug report and focus on this patch, exclusively: > https://cgit.freedesktop.org/polkit/commit/src/programs/pkexec.c?id=6c992bc8aefa195a41eaa41c07f46f17de18e25c By the way, the comment for that commit starts with: This usage is clearly errorneous, so we should tell the users they are making a mistake. Besides, this allows an attacker to cause a high number of heap allocations with attacker-controlled sizes ( http://googleprojectzero.blogspot.cz/2014/08/the-poisoned-nul-byte-2014-edition.html ), making some exploits easier. Regards, Leonard. -- mount -t life -o ro /dev/dna /genetic/research