QProcess Security and KSaveFile::rcsBackupFile()

Allen Winter winter at kde.org
Fri Feb 3 01:05:53 GMT 2006

On Thursday 02 February 2006 04:02, Gregory Hayes wrote:
> Allen,
> That is a good point, I didn't think of the path issue! I believe the LSB
> specifies /usr/bin as the RCS default, but other platforms may pop it in a
> different part of the tree. Is there a way to just remove "." from the
> QProcess $PATH? If not I would suggest "/bin:/usr/bin:/usr/local/bin" (but
> someone could be creative and stick it in /opt/rcs-5.7/bin or something).
> RCS is likely "rcs.exe" on Windows too, so we may need to massage that as
> well (if it matters to QProcess).
I just committed a change that uses the $PATH you suggest.

> As for binary files RCS handles them without issue. It was important to the
> developers to make binary support as transparent as possible. Some binaries
> may generate larger diffs after awhile, however so do 10 numbered backups.
> ;)

> BTW - If it is worth it to anyone, I can add a class for returning a list of
> the revisions and opening a revision by rev number. I didn't see
> anything else for retrieving backups in ksavefile.cpp so I left those out
> for now.
What we really want next is a KRevertFileDialog thing.
It should start a file open dialog pre-filtered on the file you are working on with the appropriate backup extensions,
i.e., it says here are all the backups for the file you are working on. The return value is the name of the backup selected
by the user.

For the RCS backups, you need something a lot more complicated. You need to display a list of all the versions
in the file,v (along with commit messages, sizes, etc). Sorta like an Ark for RCS. Hmm... there is Cervisia which
worked for CVS that may have code you can steal/borrow. http://cervisia.kde.org/


> On 2/1/06, Allen Winter <winter at kde.org> wrote:
> >
> > Hi,
> >
> > So we have an rcsBackupFile() method now in the KSaveFile class that uses
> > RCS
> > to implement backups.  This is in addition to the simple (1 backup with an
> > extension)
> > and numbered (N backups) implementations.
> >
> > I'm not sure how well RCS handles binary files, but that's not the point
> > of this message.
> >
> > rcsBackupFile() uses QProcess to run the commands 'rcs', 'co', and
> > 'ci'.  Greg didn't provide
> > a fullpath, and I think this is a security problem.  And what if the first
> > 'rcs' in your $PATH doesn't
> > happen to be the rcs you really want.   Should we provide a fullpath?  If
> > so, are the RCS commands
> > always in /usr/bin?  Probably not guaranteed.
> >
> > I like the idea to QProcess a command like 'PATH=/usr/bin:/usr/local/bin
> > rcs' instead of just 'rcs'.
> > What is a good $PATH for this idea?
> >
> > I hate the idea:
> > #if linux
> > #define RCS_PATH "/usr/bin"
> > #elif windows
> > #define RCS_PATH "c:/whatever/bin"
> > #etc
> > and then using QProcess on RCS_PATH + "/rcs"
> >
> > Other ideas?  We looked for an RCS API library and didn't find any.
> >
> > -Allen
> > --
> > Let's Keep the Political Talk Out of KDE PLEASE
> >

Let's Keep the Political Talk Out of KDE PLEASE

More information about the kde-core-devel mailing list
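
Added example, not part of the original message and not KDE's code: one way to apply the fixed search list from the thread is to resolve 'rcs' to an absolute path yourself and hand that path to the process launcher, so the inherited $PATH and "." are never consulted. The names resolveTrusted and kTrustedDirs are hypothetical, and the skip of world-writable directories goes beyond what the thread discusses.

```cpp
// Added example (not KDE code): resolve a helper such as "rcs" against a fixed
// directory list instead of the inherited $PATH, then launch it by absolute path.
#include <cstdio>
#include <sstream>
#include <string>
#include <sys/stat.h>
#include <unistd.h>

// Search list suggested in the thread; the constant name is hypothetical.
static const char kTrustedDirs[] = "/bin:/usr/bin:/usr/local/bin";

// Returns the absolute path of `name`, or "" if no acceptable match exists.
std::string resolveTrusted(const std::string &name,
                           const std::string &dirs = kTrustedDirs)
{
    // Accept bare command names only: "rcs", never "./rcs" or "../bin/rcs".
    if (name.empty() || name.find('/') != std::string::npos)
        return "";

    std::istringstream in(dirs);
    std::string dir;
    while (std::getline(in, dir, ':')) {
        // An empty entry or "." means the current directory in a PATH-style
        // lookup; skip every entry that is not an absolute path.
        if (dir.empty() || dir[0] != '/')
            continue;
        // Skip directories that any local user may write to.
        struct stat ds;
        if (stat(dir.c_str(), &ds) != 0 || !S_ISDIR(ds.st_mode) ||
            (ds.st_mode & S_IWOTH))
            continue;
        const std::string candidate = dir + "/" + name;
        struct stat cs;
        if (stat(candidate.c_str(), &cs) == 0 && S_ISREG(cs.st_mode) &&
            access(candidate.c_str(), X_OK) == 0)
            return candidate;   // give this absolute path to the launcher
    }
    return "";
}

int main()
{
    const std::string rcs = resolveTrusted("rcs");
    std::printf("rcs -> %s\n", rcs.empty() ? "(not found)" : rcs.c_str());
    return rcs.empty() ? 1 : 0;
}
```

The same lookup covers 'co' and 'ci'; an empty result is the point at which to fall back to one of the non-RCS backup methods.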