Re: [gamin] updated patch

From: Daniel Veillard <veillard redhat com>
To: John McCutchan <ttb tentacle dhs org>
Cc: gamin-list gnome org
Subject: Re: [gamin] updated patch
Date: Tue, 10 Aug 2004 04:55:36 -0400

On Mon, Aug 09, 2004 at 11:06:42AM -0400, Daniel Veillard wrote:
> On Sun, Aug 08, 2004 at 04:41:03PM -0400, John McCutchan wrote:
> > Here is an updated patch to apply to HEAD. Same stuff
> > as last one + inotify change. 
> > 
> > I tried using getlogin() but that doesn't work because
> > we don't have a controlling TTY. 
> > 
> > getlogin's man page says to use getpwuid(geteuid()) instead of
> > cuserid(). We could use $USER? I don't know what the best solution is..
> > but getlogin() won't work.
> 
>   Excellent, applied thanks !
> However there is a few problem:
>   - your patch misses lib/Makefile.am :-)
>   - the "gam_fork() will try and execute the gam_server in the builddir"
>     change need to be desactivated for now, it's a security problem.
>     for example suppose it's build by rpm under /var/tmp/rpm-gamin,
>     then a malicious user could fool clients to run a rogue binary put
>     in that place. This should be forbidden at runtime. Using $PATH should
>     be quite safer.
> 
>   Not commited yet until I fix at least the first problem.

  okay, it's in CVS, thanks !

Daniel

-- 
Daniel Veillard      | Red Hat Desktop team http://redhat.com/
veillard redhat com  | libxml GNOME XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine http://rpmfind.net/

References:
- [gamin] updated patch
  - From: John McCutchan
- Re: [gamin] updated patch
  - From: Daniel Veillard

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]