[Development] Making QObject::dumpObjectTree() and QObject::dumpObjectInfo() invokable
Richard Moore
rich at kde.org
Wed Mar 7 12:30:33 CET 2018
On 6 March 2018 at 14:06, Kevin Kofler <kevin.kofler at chello.at> wrote:
> Mitch Curtis wrote:
> > https://codereview.qt-project.org/#/c/221758/ makes
> > QObject::dumpObjectTree() and QObject::dumpObjectInfo() invokable so that
> > they can be used from QML.
>
> Would this have any security impact? I'm thinking of issues like ASLR
> bypass
> or other information leakage, if these end up being invokable from
> untrusted
> scripts. Or is all the information contained there already available to
> QML?
>
>
QML is not safe to run untrusted scripts period.
Rich.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.qt-project.org/pipermail/development/attachments/20180307/d0d5f1ce/attachment.html>
More information about the Development
mailing list