You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The NVMeCommand constant defined in gonvme_tcp_fc.go is insecure, because the path is not given. When the exec.Command runs then you are at the mercy of the PATH enviornment variable. It could be possible to set the PATH, add a mock "nvme" command, then execute gonvme which will execute the mock nvme. You must give the full path in the command constant to prevent this. This is a well known UNIX/Linux practice.
The text was updated successfully, but these errors were encountered:
The NVMeCommand constant defined in gonvme_tcp_fc.go is insecure, because the path is not given. When the exec.Command runs then you are at the mercy of the PATH enviornment variable. It could be possible to set the PATH, add a mock "nvme" command, then execute gonvme which will execute the mock nvme. You must give the full path in the command constant to prevent this. This is a well known UNIX/Linux practice.
The text was updated successfully, but these errors were encountered: