Google Git
Sign in
dart / sdk / 3972f738ca4e91104e2d6dad9bb1f36147879e98
commit3972f738ca4e91104e2d6dad9bb1f36147879e98[log] [tgz]
authorJonas Termansen <sortie@google.com>Tue Jun 11 13:21:22 2019 +0000
committerJonas Termansen <sortie@google.com>Tue Jun 11 13:21:22 2019 +0000
tree99a63c53957c41b7d7878011942889bf17c49570
parenta356f64993a57964e60ce18031ee5e23a527102c [diff]
[security] [dart:io] Fix current directory being in front of PATH.

This is a security improvement.

On Linux and Android, starting a process with Process.run, Process.runSync
or Process.start would first search the current directory before searching
PATH (Issue [37101][]). Operating systems other than Linux and Android
didn't have this behavior and aren't affected by this vulnerability.

Effectively this puts the current working directory in the front of PATH,
even if it wasn't in the PATH.

This change fixes that vulnerability and only searches the directories in
the PATH environment variable.

Fixes https://github.com/dart-lang/sdk/issues/37101

Change-Id: I05f3137753237f9b3ba4be4eba63ad07a75d865e
Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/105582
Reviewed-by: William Hesse <whesse@google.com>
3 files changed
tree: 99a63c53957c41b7d7878011942889bf17c49570
  1. .github/
  2. build/
  3. client/
  4. docs/
  5. pkg/
  6. runtime/
  7. samples/
  8. samples-dev/
  9. sdk/
  10. tests/
  11. third_party/
  12. tools/
  13. utils/
  14. .clang-format
  15. .gitattributes
  16. .gitconfig
  17. .gitignore
  18. .gn
  19. .mailmap
  20. .packages
  21. .vpython
  22. AUTHORS
  23. BUILD.gn
  24. CHANGELOG.md
  25. codereview.settings
  26. CONTRIBUTING.md
  27. DEPS
  28. LICENSE
  29. PATENTS
  30. PRESUBMIT.py
  31. README.dart-sdk
  32. README.md
  33. WATCHLISTS
README.md

Dart

A client-optimized language for fast apps on any platform

Dart is:

  • Optimized for UI: Develop with a programming language specialized around the needs of user interface creation

  • Productive: Make changes iteratively: use hot reload to see the result instantly in your running app

  • Fast on all platforms: Compile to ARM & x64 machine code for mobile, desktop, and backend. Or compile to JavaScript for the web

Dart has flexible compiler technology lets you run Dart code in different ways, depending on your target platform and goals:

  • Dart Native: For programs targeting devices (mobile, desktop, server, and more), Dart Native includes both a Dart VM with JIT (just-in-time) compilation and an AOT (ahead-of-time) compiler for producing machine code.

  • Dart Web: For programs targeting the web, Dart Web includes both a development time compiler (dartdevc) and a production time compiler (dart2js).

Dart platforms illustration

License & patents

Dart is free and open source.

See LICENSE and PATENTS.

Using Dart

Visit the dart.dev to learn more about the language, tools, getting started, and more.

Browse pub.dev for more packages and libraries contributed by the community and the Dart team.

Building Dart

If you want to build Dart yourself, here is a guide to getting the source, preparing your machine to build the SDK, and building.

There are more documents on our wiki.

Contributing to Dart

The easiest way to contribute to Dart is to file issues.

You can also contribute patches, as described in Contributing.