Commit cf2fe93
committed
fix: remove bash -c for security hardening
1. Replaced bash -c command execution with direct process execution for
improved security
2. Changed from using bash shell to directly execute setxkbmap command
3. Implemented manual parsing of setxkbmap output instead of relying on
grep and awk through bash
4. Added proper handling of output format including colon removal when
present
Log: Improved security by removing bash -c command execution
Influence:
1. Test lock screen functionality still works correctly
2. Verify keyboard options are properly retrieved and restored
3. Test with different keyboard configurations to ensure parsing works
correctly
4. Verify no regression in lock screen behavior
5. Test security by attempting command injection (should now be
prevented)
6. Verify process execution works without bash shell dependencies
fix: 移除 bash -c 以提高安全性
1. 将 bash -c 命令执行替换为直接进程执行以提高安全性
2. 从使用 bash shell 改为直接执行 setxkbmap 命令
3. 实现了手动解析 setxkbmap 输出,而不是通过 bash 依赖 grep 和 awk
4. 添加了适当的输出格式处理,包括存在冒号时的移除处理
Log: 通过移除 bash -c 命令执行提高了安全性
Influence:
1. 测试锁屏功能是否仍然正常工作
2. 验证键盘选项是否正确获取和恢复
3. 使用不同的键盘配置测试以确保解析正常工作
4. 验证锁屏行为没有回归问题
5. 测试安全性,尝试命令注入(现在应该被阻止)
6. 验证进程执行在没有 bash shell 依赖的情况下正常工作1 parent a30e646 commit cf2fe93
1 file changed
+19
-2
lines changed| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
82 | 82 | | |
83 | 83 | | |
84 | 84 | | |
85 | | - | |
| 85 | + | |
86 | 86 | | |
87 | | - | |
| 87 | + | |
| 88 | + | |
| 89 | + | |
| 90 | + | |
| 91 | + | |
| 92 | + | |
| 93 | + | |
| 94 | + | |
| 95 | + | |
| 96 | + | |
| 97 | + | |
| 98 | + | |
| 99 | + | |
| 100 | + | |
| 101 | + | |
| 102 | + | |
| 103 | + | |
| 104 | + | |
88 | 105 | | |
89 | 106 | | |
90 | 107 | | |
| |||
0 commit comments