Re: GConf, local lock and TMPDIR

From: Frederic Crozat <fcrozat mandrakesoft com>
To: gconf <gconf-list gnome org>
Subject: Re: GConf, local lock and TMPDIR
Date: Tue, 21 Oct 2003 10:04:13 +0200

?? ? A
> Hi Frederic,
> 
> On Tue, 2003-10-14 at 17:10, Frederic Crozat wrote:
> > This problem is supposed to be fixed in 2.4 using local lock workaround.
> > Unfortunately, gconf is using g_get_tmp_dir to get temporary directory..
> > This is a problem when user set TMPDIR variable to $HOME/tmp (this is by
> > default on Mdk system)..
> 
> 	Sigh; we did the same thing in ORBit2 / bonobo-activation-server -
> precisely because people filed bugs saying "Not using TMPDIR".
> 
> 	Is this another one of those high-(low)-security features like the
> "can't list /tmp" which opens the secure socket dir DOS hole on Mdk only
> ? :-)

Hey, how did you guessed that ? :)

In fact, all users with security level >= 2 (ie almost all users, since
default security level is 2) will get TMPDIR set to $HOME/tmp.

BTW, I still have my /tmp not readable patch floating around for ORBit2
:)

> > I'd like to force use of "/tmp" in gconf-internal.c and
> > gconf-sanity-check when local_lock are used.
> 
> 	We should standardise on some "REAL_TMPDIR" type environment variable
> for ORBit2 / b-a-s too.

Hmm, REAL_TMPDIR isn't very explicit.. Maybe LOCAL_TMPDIR would be
better..

I don't know..

I haven't apply fixed patch to GConf, so maybe we should try to choose a
better name for this variable and use it where it matters in GNOME..

-- 
Frederic Crozat <fcrozat mandrakesoft com>
Mandrakesoft

References:
- GConf, local lock and TMPDIR
  - From: Frederic Crozat
- Re: GConf, local lock and TMPDIR
  - From: Michael Meeks

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]