|author||Jonas Termansen <email@example.com>||Tue Jun 11 13:21:22 2019 +0000|
|committer||Jonas Termansen <firstname.lastname@example.org>||Tue Jun 11 15:29:05 2019 +0200|
[security] [dart:io] Fix current directory being in front of PATH. This is a security improvement. On Linux and Android, starting a process with Process.run, Process.runSync or Process.start would first search the current directory before searching PATH (Issue ). Operating systems other than Linux and Android didn't have this behavior and aren't affected by this vulnerability. Effectively this puts the current working directory in the front of PATH, even if it wasn't in the PATH. This change fixes that vulnerability and only searches the directories in the PATH environment variable. Fixes https://github.com/dart-lang/sdk/issues/37101 Change-Id: I05f3137753237f9b3ba4be4eba63ad07a75d865e Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/105582 Reviewed-by: William Hesse <email@example.com>
Dart is an open-source, scalable programming language, with robust libraries and runtimes, for building web, server, and mobile apps.
Browse pub.dartlang.org for more packages and libraries contributed by the community and the Dart team.
If you want to build Dart yourself, here is a guide to getting the source, preparing your machine to build the SDK, and building.
There are more documents on our wiki.
The easiest way to contribute to Dart is to file issues.
You can also contribute patches, as described in Contributing.