Re: [gamin] updated patch

From: Daniel Veillard <veillard redhat com>
To: John McCutchan <ttb tentacle dhs org>
Cc: gamin-list gnome org
Subject: Re: [gamin] updated patch
Date: Mon, 9 Aug 2004 11:06:42 -0400

On Sun, Aug 08, 2004 at 04:41:03PM -0400, John McCutchan wrote:
> Here is an updated patch to apply to HEAD. Same stuff
> as last one + inotify change. 
> 
> I tried using getlogin() but that doesn't work because
> we don't have a controlling TTY. 
> 
> getlogin's man page says to use getpwuid(geteuid()) instead of
> cuserid(). We could use $USER? I don't know what the best solution is..
> but getlogin() won't work.

  Excellent, applied thanks !
However there is a few problem:
  - your patch misses lib/Makefile.am :-)
  - the "gam_fork() will try and execute the gam_server in the builddir"
    change need to be desactivated for now, it's a security problem.
    for example suppose it's build by rpm under /var/tmp/rpm-gamin,
    then a malicious user could fool clients to run a rogue binary put
    in that place. This should be forbidden at runtime. Using $PATH should
    be quite safer.

  Not commited yet until I fix at least the first problem.

Daniel

-- 
Daniel Veillard      | Red Hat Desktop team http://redhat.com/
veillard redhat com  | libxml GNOME XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine http://rpmfind.net/

Follow-Ups:
- Re: [gamin] updated patch
  - From: Daniel Veillard

References:
- [gamin] updated patch
  - From: John McCutchan

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]