Review Request 128219: No longer allow installing to generic data folder because of security hole.

David Faure faure at kde.org
Fri Jun 17 19:04:23 UTC 2016 


> On June 17, 2016, 7:36 a.m., David Faure wrote:
> > src/core/installation.cpp, line 365
> > <https://git.reviewboard.kde.org/r/128219/diff/1/?file=469097#file469097line365>
> >
> >     Should this code get support for "appdata" then?
> >      (typically share/kmyapp)
> >      
> >     Otherwise I don't see where application data would get installed anymore.
> >     
> >     Am I right that there must be lots of apps using "data" right now, for lack of "appdata" support?
> >     Surely not every app using knewstuff, is using it for "tmp" or "config" files....
> 
> Jeremy Whiting wrote:
>     I have a build of most of the "official" kde applications here. Not all of the possible .knsrc files by any means, but a good selection most likely. Looking at what I have here all uses of StandardResource were either tmp or wallpapers. Most applications use TargetDir instead and specify a path within appdata. apps/kvtml, color-schemes, cantor/examples etc. I couldn't see any at all here that are using StandardResource=data directly.
>     
>     I guess I should do a more thorough search on lxr.kde.org though.
>     
>     Ok, doing that https://lxr.kde.org/search?_filestring=.knsrc&_string=StandardResource&_casesensitive=1 shows all StandardResource= being tmp or wallpaper. No uses of "data" at all.

Ah, I see. appdata is supported, as the empty string ;-)
Sounds good.


- David


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://git.reviewboard.kde.org/r/128219/#review96621
-----------------------------------------------------------


On June 17, 2016, 1:55 a.m., Jeremy Whiting wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://git.reviewboard.kde.org/r/128219/
> -----------------------------------------------------------
> 
> (Updated June 17, 2016, 1:55 a.m.)
> 
> 
> Review request for KDE Frameworks, David Faure and Richard Moore.
> 
> 
> Repository: knewstuff
> 
> 
> Description
> -------
> 
> When an application uses TargetDir=/ or StandardResource=data give a warning on the terminal and don't use the chosen location.
> 
> 
> Diffs
> -----
> 
>   src/core/installation.cpp cbd0653 
> 
> Diff: https://git.reviewboard.kde.org/r/128219/diff/
> 
> 
> Testing
> -------
> 
> No testing done yet, will write a unit test of some kind if this is the right direction.
> 
> 
> Thanks,
> 
> Jeremy Whiting
> 
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-frameworks-devel/attachments/20160617/b705a20b/attachment.html>

More information about the Kde-frameworks-devel mailing list