[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [GNUstep-packagers] patch for observance of $HOME
|
From: |
Matt Rice |
|
Subject: |
Re: [GNUstep-packagers] patch for observance of $HOME |
|
Date: |
Fri, 6 Aug 2004 00:36:51 -0700 (PDT) |
personally I don't think we should trust environment
variables for reasons in the archive..
http://lists.gnu.org/archive/html/bug-gnustep/2003-11/msg00015.html
and would rather if we did something like cleanse
make/GNUstep.sh of writes to the user root, so that it
isn't breaking the sandbox if possible, so he doesn't
have to redirect $HOME to a directory inside the
sandbox (if i grok)
maybe by setting an environment variable before
sourcing GNUstep.sh to disable running make_services
and stuff
--- Adam Fedor <fedor@doc.com> wrote:
> Any comments on this patch (and, presumably, a
> similar one for make)?
> I don't see any problem with trusting environment
> variables (we trust
> other ones). and the user would need permission to
> read defaults, etc
> from another user...
>
> On Jul 25, 2004, at 6:04 PM, Armando Di Cianno
> wrote:
>
> > I know this has been discussed previously, and
> both Debian and Gentoo
> > (heh, me), have had issues with GNUstep.sh, it's
> use of make_services,
> > and assumptions about the user environment.
> >
> > Problems became apparent to me, using Gentoo's
> portage sandox, that
> > the installation of the GNUstep libraries, which
> except for
> > gnustep-make, is dependant on GNUstep.sh, assumes
> that the use of a
> > user's "proper" $HOME is available, and ignore's
> the environment's
> > "configured" $HOME.
> >
> > Being able to configure the $HOME environment
> variable has made the
> > package management nightmares I was having go
> away. I've put together
> > a patch that effects NSUser.m in -base and
> user_home.c in -make.
> >
> > I've thought a lot about possible consequences,
> and the only one I can
> > come up with is "Is the getenv() function secure
> enough on all
> > platforms we support?" For this reason, I ask
> that anyone please go
> > over this patch for GNUstep-ness, go over for
> coding correctness and
> > security, and don't flame me too bad 'cause I know
> this was discussed
> > and supposedly solved already.
> >
> > Thanks,
> > __Armando Di Cianno
>
> ATTACHMENT part 2 application/octet-stream
x-unix-mode=0444; name=base-nsuser-home-fix.patch
> _______________________________________________
> Bug-gnustep mailing list
> Bug-gnustep@gnu.org
> http://lists.gnu.org/mailman/listinfo/bug-gnustep
>
__________________________________
Do you Yahoo!?
New and Improved Yahoo! Mail - 100MB free storage!
http://promotions.yahoo.com/new_mail
- Re: [GNUstep-packagers] patch for observance of $HOME, Adam Fedor, 2004/08/06
- Re: [GNUstep-packagers] patch for observance of $HOME,
Matt Rice <=
- Re: [GNUstep-packagers] patch for observance of $HOME, Rogelio Serrano, 2004/08/06
- Re: [GNUstep-packagers] patch for observance of $HOME, Richard Frith-Macdonald, 2004/08/06
- Re: [GNUstep-packagers] patch for observance of $HOME, Armando Di Cianno, 2004/08/06
- Re: [GNUstep-packagers] patch for observance of $HOME, Sheldon Gill, 2004/08/07
- Re: [GNUstep-packagers] patch for observance of $HOME, Richard Frith-Macdonald, 2004/08/07
- Re: [GNUstep-packagers] patch for observance of $HOME, Sheldon Gill, 2004/08/07
- Re: [GNUstep-packagers] patch for observance of $HOME, Richard Frith-Macdonald, 2004/08/07
- Re: [GNUstep-packagers] patch for observance of $HOME, Richard Frith-Macdonald, 2004/08/07
- Re: [GNUstep-packagers] patch for observance of $HOME, Rogelio M . Serrano Jr ., 2004/08/07
- Re: [GNUstep-packagers] patch for observance of $HOME, Richard Frith-Macdonald, 2004/08/07