[PATCH] Make startkde work with not-default KDETMP and KDEVARTMP
amantia at kde.org
Tue Jan 15 07:41:42 GMT 2008
On Tuesday 15 January 2008, Dirk Mueller wrote:
> On Wednesday 09 January 2008, Andras Mantia wrote:
> > Comments are welcome.
> The patch opens a security vulnerability if $KDETMP is within a world
> writeable directory. I see it was not committed (which is good), just
> mentioning it in case somebody reconsiders and commits the patch.
I assume the same issue is with the lnusertemp patch David posted,
Or the below check is enough there?
if (stat_buf.st_uid != getuid())
fprintf(stderr, "Error: \"%s\" is owned by uid %d instead of uid
%d.\n", tmp_dir, stat_buf.st_uid, getuid());
Quanta Plus developer - http://quanta.kdewebdev.org
K Desktop Environment - http://www.kde.org
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 194 bytes
Desc: This is a digitally signed message part.
More information about the kde-core-devel