[PATCH] Make startkde work with not-default KDETMP and KDEVARTMP

Andras Mantia amantia at kde.org
Tue Jan 15 07:41:42 GMT 2008

On Tuesday 15 January 2008, Dirk Mueller wrote:
> On Wednesday 09 January 2008, Andras Mantia wrote:
> > Comments are welcome.
> The patch opens a security vulnerability if $KDETMP is within a world
> writeable directory. I see it was not committed (which is good), just
> mentioning it in case somebody reconsiders and commits the patch.
> Greetings,
> Dirk

I assume the same issue is with the lnusertemp patch David posted, 

Or the below check is enough there?

if (stat_buf.st_uid != getuid())
     fprintf(stderr, "Error: \"%s\" is owned by uid %d instead of uid 
%d.\n", tmp_dir, stat_buf.st_uid, getuid());
     return 1;


Quanta Plus developer - http://quanta.kdewebdev.org
K Desktop Environment - http://www.kde.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 194 bytes
Desc: This is a digitally signed message part.
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20080115/c8b200bf/attachment.sig>

More information about the kde-core-devel mailing list