KDE4 Patch to allow testing/execution of uninstalled kparts/XMLGUI applications

Friedrich W. H. Kossebau Friedrich.W.H at kossebau.de
Tue Aug 9 11:36:13 BST 2005


Am Dienstag, 9. August 2005 03:58, schrieb David Faure:
> On Tuesday 09 August 2005 03:30, Adam Treat wrote:
> > I understood it to mean a new command line argument that would specify
> > the .krcdirs filename.  This way, if the flag isn't present, everything
> > takes place as normal.  I can't really see where this is a big security
> > improvement, but I could take this approach instead, rather than use the
> > current working directory...
> >
> > It wouldn't mean anything other than the app would have to be executed
> > with the a '--resources' command line parameter in order to run
> > locally...  Does this sound better to you, David?  Or do you think we
> > should just go with the CWD?
>
> I see so many people run "./kmyapp" and it fails (no menus, no icons etc.),
> I think we should make it work out of the box. 

If they are able to put a "./" before the app they are also able to put a 
parameter behind. Another idea: Check if the arg0 has "./" before and then 
take this as the security parameter perhaps?

> Just like libtool solves 
> that problem for shared libraries, we should solve it for kde resources. I
> can't see where the security issue comes from - yes someone can install a
> file which will then be used at runtime, but they can do just the same with
> shared libs already.

Oh. In which way?

> IMHO we should go with the CWD, otherwise it defeats the purpose altogether
> (people who understandthe KDE resource mechanism know that they have to
> "make install" first, this fix is for those who don't - so they wouldn't
> know about a cmdline option either).

If you develop inside your stable KDE version you might not want to install 
your development things globally. Especially if it throws all kind of files 
over the place without proper packet management.

Regards
Friedrich
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20050809/908f2d5e/attachment.sig>


More information about the kde-core-devel mailing list