Review Request 111636: Port away from kde_file.h in AuthInfo (KIO)

David Gil Oliva davidgiloliva at gmail.com
Tue Jul 23 20:24:09 UTC 2013



> On July 23, 2013, 11:19 a.m., David Faure wrote:
> > staging/kio/src/core/authinfo.cpp, line 324
> > <http://git.reviewboard.kde.org/r/111636/diff/1/?file=172718#file172718line324>
> >
> >     For some reason Qt has a Q_FOREVER() macro for this. I admit that I'm not sure what it difference it makes compared to while(true) though....
> 
> Alex Merry wrote:
>     #define Q_FOREVER for(;;)
>     
>     I'm going to go with "none whatsoever".

Alex: I'm sorry, I don't understand what you mean...    ?:-/


> On July 23, 2013, 11:19 a.m., David Faure wrote:
> > staging/kio/src/core/authinfo.cpp, line 482
> > <http://git.reviewboard.kde.org/r/111636/diff/1/?file=172718#file172718line482>
> >
> >     The old didn't have such a strict permission checking. Is it intended to be strict? Or would it be enough to check if open(ReadOnly) succeeds or fails?

IMHO, it actually did:

  // Security check!!
  if ( sbuff.st_mode != (S_IFREG|S_IRUSR|S_IWUSR) ||
       sbuff.st_uid != geteuid() )
       return -1;

.netrc must be 600: nobody except the user has permission to read and write it. Keep in mind that we're dealing with logins and passwords.

Explanation: http://www.mavetju.org/unix/netrc.php


- David


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
http://git.reviewboard.kde.org/r/111636/#review36282
-----------------------------------------------------------


On July 21, 2013, 11:41 p.m., David Gil Oliva wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> http://git.reviewboard.kde.org/r/111636/
> -----------------------------------------------------------
> 
> (Updated July 21, 2013, 11:41 p.m.)
> 
> 
> Review request for KDE Frameworks.
> 
> 
> Description
> -------
> 
> Port away from kde_file.h in AuthInfo (KIO)
> 
> I have tried not to touch much code, but I finally rewrote some parts to make them easier to understand.
> 
> 
> Diffs
> -----
> 
>   staging/kio/src/core/authinfo.h d6415b2f2e9ccec7c3e046f569fb44dbbc879d6b 
>   staging/kio/src/core/authinfo.cpp 65ebacf84e989f19f1b896c596a6b24185c67447 
> 
> Diff: http://git.reviewboard.kde.org/r/111636/diff/
> 
> 
> Testing
> -------
> 
> It builds. I have tested the part of the code not related to loginMap with a little program and .netrc sample files, to check whether it correctly parses the information.
> 
> 
> Thanks,
> 
> David Gil Oliva
> 
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-frameworks-devel/attachments/20130723/fabbaece/attachment.html>


More information about the Kde-frameworks-devel mailing list