Trolltech <-> KDE contact point for critical issues
Dirk Mueller
mueller at kde.org
Sat Jul 15 21:44:10 BST 2006
On Saturday, 15. July 2006 10:44, Simon Hausmann wrote:
> But I think Dirk also had some security concerns. Dirk, do you remember the
> details?
I think it didn't operate on the fd at some point in time, but looking at it
now, I think it does. It also uses O_EXCL and does not create world readable
files. Besides being broken on NFS, this should be fine. Then again, the
person who puts temporary files on NFS should be shot anyway.
My biggest concern right now though is that there doesn't seem to be a way to
put the default temp file location into KStandardDirs "temp" ressource - it
seems to default to QDir::tempPath(), which can neither be configured nor
respects KDETMP or TMP environment variables. If it does make sense to keep
that KStandardDirs way of doing things around for KDE 4 is a totally
different topic though, which I'm undecided about.
Dirk
More information about the kde-core-devel
mailing list