Re: Building full path before executing a GNOME binary.

From: Havoc Pennington <hp redhat com>
To: Hema Seetharamaiah <hema seetharamaiah wipro com>
Cc: desktop-devel-list gnome org
Subject: Re: Building full path before executing a GNOME binary.
Date: 30 May 2002 08:05:35 -0400

Hema Seetharamaiah <hema seetharamaiah wipro com> writes:> 
> GNOME ( e.g. : nautilus, gnome-login-check ) commands are being executed
> in the code via calls like system(), g_spawn_command_line_sync(),
> etc.

g_spawn doesn't search path by default, only if you specify
G_SPAWN_SEARCH_PATH.  Most uses should probably not search the path
and should just assume all of GNOME is in the same prefix.

> Since there is a dependency on the PATH variable to locate the binary,
> it can be a security concern. 

Can be, but is not always, I expect. 

> Could we perhaps have a global place ( variable/xml file ) where the
> GNOME install paths are available from which the command, complete with
> full path, can be constructed and executed?

We search for most things in the GNOME_PATH environment variable, but
that isn't any better than PATH for this (it's worse, it's
nonstandard).

IMO a complicated solution here is overengineering, we should just
hardcode the paths when something is security-sensitive. GNOME is not
realistically "piecemeal relocatable" (you can't install some of the
desktop in one prefix and other bits of it in another).

Havoc

Follow-Ups:
- Re: Building full path before executing a GNOME binary.
  - From: Hema Seetharamaiah

References:
- Building full path before executing a GNOME binary.
  - From: Hema Seetharamaiah

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]