QProcess Security and KSaveFile::rcsBackupFile()
Gregory Hayes
syncomm at gmail.com
Thu Feb 2 09:02:43 GMT 2006
Allen,
That is a good point, I didn't think of the path issue! I believe the LSB
specifies /usr/bin as the RCS default, but other platforms may pop it in a
different part of the tree. Is there a way to just remove "." from the
QProcess $PATH? If not I would suggest "/bin:/usr/bin:/usr/local/bin" (but
someone could be creative and stick it in /opt/rcs-5.7/bin or something).
RCS is likely "rcs.exe" on Windows too, so we may need to massage that as
well (if it matters to QProcess).
As for binary files RCS handles them without issue. It was important to the
developers to make binary support as transparent as possible. Some binaries
may generate larger diffs after awhile, however so do 10 numbered backups.
;)
BTW - If it is worth it to anyone, I can add a class for returning a list of
the revisions and and opening a revision by rev number. I didn't see
anything else for retrieving backups in ksavefile.cpp so I left those out
for now.
Cheers!
Greg
-
On 2/1/06, Allen Winter <winter at kde.org> wrote:
>
> Hi,
>
> So we have an rcsBackupFile() method now in the KSaveFile class that uses
> RCS
> to implement backups. This is in addition to the simple (1 backup with an
> extension)
> and numbered (N backups) implementations.
>
> I'm not sure how well RCS handles binary files, but that's not the point
> of this message.
>
> rcsBackupFile() uses QProcess to run the commands 'rcs', 'co', and
> 'ci'. Greg didn't provide
> a fullpath, and I think this is a security problem. And what if the first
> 'rcs' in your $PATH doesn't
> happen to be the rcs you really want. Should we provide a fullpath? If
> so, are the RCS commands
> always in /usr/bin? Probably not guaranteed.
>
> I like the idea to QProcess a command like 'PATH=/usr/bin:/usr/local/bin
> rcs' instead of just 'rcs'.
> What is a good $PATH for this idea?
>
> I hate the idea:
> #if linux
> #define RCS_PATH "/usr/bin"
> #elif windows
> #define RCS_PATH 'c:/whatever/bin"
> #etc
> and then using QProcess on RCS_PATH + "/rcs"
>
> Other ideas? We looked for an RCS API library and didn't find any.
>
> -Allen
> --
> Let's Keep the Political Talk Out of KDE PLEASE
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20060202/b5f0cfb4/attachment.htm>
More information about the kde-core-devel
mailing list