[PATCH] Make startkde work with not-default KDETMP and KDEVARTMP
Andras Mantia
amantia at kde.org
Tue Jan 15 07:41:42 GMT 2008
On Tuesday 15 January 2008, Dirk Mueller wrote:
> On Wednesday 09 January 2008, Andras Mantia wrote:
> > Comments are welcome.
>
> The patch opens a security vulnerability if $KDETMP is within a world
> writeable directory. I see it was not committed (which is good), just
> mentioning it in case somebody reconsiders and commits the patch.
>
> Greetings,
> Dirk
I assume the same issue is with the lnusertemp patch David posted,
right?
Or is the below check enough there?
    if (stat_buf.st_uid != getuid())
    {
        fprintf(stderr, "Error: \"%s\" is owned by uid %d instead of uid %d.\n",
                tmp_dir, stat_buf.st_uid, getuid());
        return 1;
    }
Andras
--
Quanta Plus developer - http://quanta.kdewebdev.org
K Desktop Environment - http://www.kde.org
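
Added example (not part of the original message or of the KDE sources): a C check for a per-user temp directory that goes beyond the ownership test quoted above by also refusing symlinks, non-directories and group- or world-writable modes. The function name, status codes and scratch paths used in run_scenario() are assumptions made for illustration.

```c
#define _XOPEN_SOURCE 700   /* expose lstat(), symlink(), mkdtemp() */
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

enum tmp_status { TMP_OK, TMP_MISSING, TMP_NOT_DIR, TMP_WRONG_OWNER, TMP_OPEN_PERMS };

/* Validate a per-user temp directory before using it. lstat() does not
 * follow a final symlink, so a link planted in a world-writable parent is
 * rejected as "not a directory" instead of being judged by its target. */
enum tmp_status check_user_tmp_dir(const char *path, uid_t owner)
{
    struct stat st;
    if (lstat(path, &st) != 0)
        return TMP_MISSING;
    if (!S_ISDIR(st.st_mode))
        return TMP_NOT_DIR;
    if (st.st_uid != owner)                 /* the check quoted in the mail */
        return TMP_WRONG_OWNER;
    if (st.st_mode & (S_IWGRP | S_IWOTH))   /* others could create entries */
        return TMP_OPEN_PERMS;
    return TMP_OK;
}

/* Constructed scenarios in a fresh mkdtemp() directory (names are made up):
 * 0 = private dir, 1 = same dir with mode 0777, 2 = symlink to the dir,
 * 3 = private dir checked against another uid. Returns -1 on setup error. */
int run_scenario(int which)
{
    char base[] = "/tmp/tmpcheck-XXXXXX";
    char dir[64], lnk[64];
    int status;
    if (mkdtemp(base) == NULL)
        return -1;
    snprintf(dir, sizeof dir, "%s/kde-user", base);
    snprintf(lnk, sizeof lnk, "%s/kde-link", base);
    if (mkdir(dir, 0700) != 0 || symlink(dir, lnk) != 0)
        return -1;
    if (which == 1 && chmod(dir, 0777) != 0)
        return -1;
    status = check_user_tmp_dir(which == 2 ? lnk : dir,
                                which == 3 ? getuid() + 1 : getuid());
    unlink(lnk);
    rmdir(dir);
    rmdir(base);
    return status;
}
```

The result describes the path at the time of the lstat() call; code that goes on to use the directory can open it and repeat the test with fstat() on the descriptor.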