From bf9c3cbc8360b39011bd36e72cf237e2f38d13b6 Mon Sep 17 00:00:00 2001 From: Remco Burema Date: Tue, 17 May 2022 11:42:43 +0200 Subject: [PATCH] Secure another 'environment-settable via Qt' DLL. SEC-258 a.k.a. CURA-8969 --- cura_app.py | 1 + 1 file changed, 1 insertion(+) diff --git a/cura_app.py b/cura_app.py index 03399b5614..0290049c28 100755 --- a/cura_app.py +++ b/cura_app.py @@ -18,6 +18,7 @@ import os if sys.platform != "linux": # Turns out the Linux build _does_ use this, but we're not making an Enterprise release for that system anyway. os.environ["QT_PLUGIN_PATH"] = "" # Security workaround: Don't need it, and introduces an attack vector, so set to nul. os.environ["QML2_IMPORT_PATH"] = "" # Security workaround: Don't need it, and introduces an attack vector, so set to nul. + os.environ["QT_OPENGL_DLL"] = "" # Security workaround: Don't need it, and introduces an attack vector, so set to nul. from PyQt5.QtNetwork import QSslConfiguration, QSslSocket