[RFC] Extensions

Kevin Cox kevincox at kevincox.ca
Mon Dec 19 22:47:26 CET 2016


Are there any security provisions? I don't really want to have RCE
vulnerabilities in the store. Right now if someone can write to my store
they can only really cause confusion and possibly data loss. This sounds
like it will allow them to run code as me. I get that you need to type the
name, but since the `pass $entry` fallback is so convenient I use it often,
so if someone created a `facebook.com.bash` extension I would probably run
it by accident before too long.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20161219/f31e0dc2/attachment.html>


More information about the Password-Store mailing list