bug-gnustep
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PATCH: NSPathUtilities etc


From: David Ayers
Subject: Re: PATCH: NSPathUtilities etc
Date: Thu, 04 Mar 2004 12:58:47 +0100
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.6) Gecko/20040113

Sheldon Gill wrote:

Some more comments on NSPathUtilities.m. I think I'd be ready to commit
this after addressing these comments.


Excellent! I'd be happy to update my submission and work with you in it's integration.

I understand that you are trying to address complicated issues. I must admit that I'm not convinced that this is right approach. OTOH, I don't have the cycles to come up with a better solution so I won't stand in the way of progress. But I have a few mechanical issues I haven't addressed before. So I would be grateful if you could post your patch again, possibly in coherent separate posts so that the issues can be addressed individually. I know its extra work but I really think it is needed here.


/* Initialise all things required by this module */
void InitialisePathUtilities(void)


I'd like to keep support for the root .GNUsteprc file as well, at least
until we decide to depreciate it.


I thought that now was right time to do so. It does not add functionality, but the same level is provided by the new GNUstep.conf along with other benefits. One might consider the new configuration file a sort of upgrade of the old one, albeit one which requires changes and moving the file.

I think having a root .GNUsteprc which can over-ride GNUstep.conf makes things more complex without giving us any benefits.

I believe that it is important that we keep backward compatibility for a transition period, even if that's only a single major release cycle. (Note that we still have transition support for the old header structure. It's on my TODO list to remove this though.)

/**
* Returns loginName's home directory as an NSString object.
*/
 s = Win32GetUserProfileDirectory(loginName);

Does this look at HOMEPATH or USERPROFILE? Should we allow the user to
override this with HOMEPATH, etc, if not?


At the moment it looks at HOMEPATH first, followed by USERPROFILE. These are just environment variables and so can be overridden by the user.

I have code to get the real home path from API calls coming...
that'll mean no need for environment variables...

My -make changes follow the same logic but issue a warning about potential problems with spaces in the path.


/**
* Returns the name of a directory in which temporary files can be
stored.<br/ >
* For unix-like systems this is usually '/tmp'.<br/ >
* For MS-Windows systems this is the system temporary directory,
often '%WINDIR%\TEMP\'.<br/ >
*/
NSString
*NSTemporaryDirectory(void)

Why did you take out the creation of a secure subdirectory of temp?


This is a bigger question.

Firstly, the existing code isn't really secure. You can circumvent it. I looked at changing that but things start getting quite complex.

Secondly, the OpenStep and Cocoa behaviour is simply to return the temporary directory.

Now, what is the right behaviour from an API perspective? Well, on one hand we want a place where we can create temporary files in a secure and safe way. Often, the goal is a temporary file. Pure and simple. No need for a whole directory. On the other hand, sometimes we want to discover where {temp} actually is. For example, if I want to find "/tmp/.X11-unix".

Additionally, there are systems which use extended attributes and capabilities for more secure/flexible behaviour.

In light of these things, I think that the right thing for NSTemporaryDirectory() to do is to return the path to the temporary directory.

Thus it serves as the basis of all operations.
* If you want a secure directory in there write
MyTemporaryDirectory() which does the right things for your application and platform
* If you want a secure temp file write
MyCreateTempFile() which does the right things for your purposes
* If you want to find, use GSFindNamedFile( NSTemporaryDirectory(), ".X11-unix", nil) or whatever

It does pave the way for a library of routines to do these things in various ways for various platforms but I think this is a good thing. Creating a single use temporary file under POSIX is best done by calling (f)open with the create flag, limited mode and a difficult name to guess.
Doing the same conceptual thing under Win32 is different.

In short, I strove to make things more simple and straightforward. I feel this generally leads to more robust code that's both easier to use and maintain.

I can see how one can derive this from the documentation. But IMO, this definitely needs a transition period for code relying on the secureness of NSTemporaryDirectory(). First we need a major release which introduces something like a GSSecureTemporaryDirectory(), have NSTemporaryDirectory() return that same directory and prominently announce that NSTemporaryDirectory() won't return a secured directory but the system directory in future releases. We can then consider changing NSTemporaryDirectory() for the following major release.

Cheers,
David

PS: Maybe we should create a file in CVS tracking deprecated features/behavior to be reviewed after each major release branch is cut.





reply via email to

[Prev in Thread] Current Thread [Next in Thread]