Patch isn't only used for source code. I wouldn't have expected any risk of mali... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		mrob on April 5, 2018 \| parent \| context \| favorite \| on: Patch runs ed, and ed can run anything Patch isn't only used for source code. I wouldn't have expected any risk of malicious code execution if I was patching documentation.

jwilk on April 5, 2018 [–]

Even for source, you may want to review the patch after applying it.

For example, dpkg-source applies patches when you unpack source package. I don't think anybody expects code execution when unpacking stuff, even when this stuff is untrusted.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact