That one would also send more data to the other VM that what we
intended: the start of the env var data (which in similar code
on my host includes the GPG agent socket path, XDG session cookie,
and more.
The other side expects a fixed size though, so pad with NULs.
Interestingly, the original code was not vulnerable as it was
callocing enough space.
This time it is for cups, which have socket-based and path-based
activators. When activator tires to start the service which is disabled
by condition file it enters infinite loop (as service wont start, but
will not report an error).
This reverts commit 047a7a0b23.
Actually some g-s-d plugins are helpful, for example notification of low
disk space. Also we've already disabled keyboard plugin.
read() syscall do not guarantee to read as much data as requested. This
is especially important when reading from pipe - remote end can produce
data slower than we are reading them. Use read_all() helper to always
get requested amount of data.
Assume that all the files of directory are in continuous block (which is
true in case of qvm-backup stream). This will allow to terminate before
getting to the file end - especially useful when only qubes.xml
requested.
MIME-info database contains multiple entries for *.png, namely image/png
and image/x-apple-ios-png. The later one doesn't have associated handler
program, but this one is selected by mimeopen tool.
Not sure how this tool should behave in case of multiple matches (IOW is
it a bug in File::MimeInfo perl module used by mimeopen). Instead of
switching to different tool, which probably will break other files
(check #423), add override for this particular file type.
MIME-info database contains multiple entries for *.png, namely image/png
and image/x-apple-ios-png. The later one doesn't have associated handler
program, but this one is selected by mimeopen tool.
Not sure how this tool should behave in case of multiple matches (IOW is
it a bug in File::MimeInfo perl module used by mimeopen). Instead of
switching to different tool, which probably will break other files
(check #423), add override for this particular file type.