KDE4 Patch to allow testing/execution of uninstalled kparts/XMLGUI applications

David Faure faure at kde.org
Tue Aug 9 02:58:37 BST 2005


On Tuesday 09 August 2005 03:30, Adam Treat wrote:
> I understood it to mean a new command line argument that would specify 
> the .krcdirs filename.  This way, if the flag isn't present, everything takes 
> place as normal.  I can't really see where this is a big security 
> improvement, but I could take this approach instead, rather than use the 
> current working directory...  
> 
> It wouldn't mean anything other than the app would have to be executed with 
> the a '--resources' command line parameter in order to run locally...  Does 
> this sound better to you, David?  Or do you think we should just go with the 
> CWD?

I see so many people run "./kmyapp" and it fails (no menus, no icons etc.), I think
we should make it work out of the box. Just like libtool solves that problem for
shared libraries, we should solve it for kde resources. I can't see where the security
issue comes from - yes someone can install a file which will then be used at runtime,
but they can do just the same with shared libs already. 

IMHO we should go with the CWD, otherwise it defeats the purpose altogether 
(people who understandthe KDE resource mechanism know that they have to 
"make install" first, this fix is for those who don't - so they wouldn't know 
about a cmdline option either).

-- 
David Faure, faure at kde.org, sponsored by Trolltech to work on KDE,
Konqueror (http://www.konqueror.org), and KOffice (http://www.koffice.org).





More information about the kde-core-devel mailing list