Re: [qubes-devel] QSB #38: Qrexec policy bypass and possible information leak

2018-02-24 Thread 'awokd' via qubes-devel
On Sat, February 24, 2018 11:20 am, Marek Marczykowski-Górecki wrote: > The problem is that '$' keywords in some places (like call argument, or > original target specification) are not meant to be expanded _at all_. And > since '$' is a special character in shell used for variables, it's enough >

Re: [qubes-devel] QSB #38: Qrexec policy bypass and possible information leak

2018-02-24 Thread Marek Marczykowski-Górecki
On Fri, Feb 23, 2018 at 08:50:09AM -, 'awokd' via qubes-devel wrote: > On Wed, February 21, 2018 11:35 am, 'Tom Zander' via qubes-devel wrote: > > > The point of a variable that is passed from a VM to the dom0 qrexec > > daemon is that your

Re: [qubes-devel] QSB #38: Qrexec policy bypass and possible information leak

2018-02-23 Thread 'awokd' via qubes-devel
On Wed, February 21, 2018 11:35 am, 'Tom Zander' via qubes-devel wrote: > The point of a variable that is passed from a VM to the dom0 qrexec > daemon is that your source VM doesn't have to know about who is $adminVM > or what is the actually started dispVM's name. QRexec daemon (in dom0) >

Re: [qubes-devel] QSB #38: Qrexec policy bypass and possible information leak

2018-02-21 Thread Wojtek Porczyk
On Wed, Feb 21, 2018 at 08:58:52PM +, Pedro Martins wrote: > On 20-02-2018 00:49, Marek Marczykowski-Górecki wrote: > >Resolution > >=== > > > >We've decided to deprecate the '$' character from qrexec-related usage. > >Instead, to denote

Re: [qubes-devel] QSB #38: Qrexec policy bypass and possible information leak

2018-02-21 Thread Pedro Martins
On 20-02-2018 00:49, Marek Marczykowski-Górecki wrote: Resolution === We've decided to deprecate the '$' character from qrexec-related usage. Instead, to denote special tokens, we will use the '@' character, which we believe is less likely to be interpreted in a special way by the

[qubes-devel] QSB #38: Qrexec policy bypass and possible information leak

2018-02-19 Thread Marek Marczykowski-Górecki
Dear Qubes Community, We have just published Qubes Security Bulletin (QSB) #38: Qrexec policy bypass and possible information leak. The text of this QSB is reproduced below. This QSB and its accompanying signatures will always be available in the