[PATCH 0/2] moveconfig fixes

Markus Klotzbuecher mk at mkio.de
Wed Feb 12 20:46:43 CET 2020

Two fixes to moveconfig: the first addresses a potential security
issue reported by Heinrich Schuchardt caused by using the Python
built-in eval to expand CONFIG_ value expressions. Running moveconfig
on a maliciously prepared CONFIG could lead to execution of arbitrary
Python code. The second is a Python3 bugfix.

Markus Klotzbuecher (2):
  moveconfig: replace unsafe eval with asteval
  moveconfig: convert ps.stderr to string

 tools/moveconfig.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)


More information about the U-Boot mailing list