relative paths in Exec= in .desktop and .service files

Jon Watte jwatte at gmail.com
Wed Sep 10 12:31:44 PDT 2014


>
> I also fail to see how having a token is any better than declaring relative
> paths to be searched from $PWD. Can you shed more light on this suggestion?


$PWD is something that a user or administrator may change for many
different reasons, not to mention it's different per-user. Relying on this
for dbus invocation may lead to all kinds of hard-to-debug surprises and
perhaps open up attack vectors.
Tying yet-another-thing into that same environment value means that you tie
more opportunities for failure into a thing users typically fiddle with.
If the goal is to support alternative or non-standard or isolated installs
of dbus, then having one place that defines what "search start" means FOR
THAT INSTALL would be the most robust and secure solution.
On Windows, that might be a registry value that is specific to dbus.
On Linux, that could be a symlink in /etc/alternatives, for example. (This
is an illustrative example, not a soup-to-nuts considered proposal)

However, I think the system would be simpler and more secure if relative
search just didn't exist. If the only actual, needed-right-now, reason to
introduce relative search is for Windows support, then I don't think that
use case is important enough to relax the potential security and complexify
the implementation and administration.

Sincerely,

jw

Sincerely,

Jon Watte


--
"I find that the harder I work, the more luck I seem to have." -- Thomas
Jefferson

On Wed, Sep 10, 2014 at 11:40 AM, Thiago Macieira <thiago at kde.org> wrote:

> On Tuesday 09 September 2014 18:01:55 Jon Watte wrote:
> > > Simon's email explained the use-case: relocatable installations,
> > > especially on
> > > Windows.
> >
> > I don't think that's strong enough to open up a security can of worms.
> > If you want relocation, use some token system (like how Scons has "#" for
> > "root of build")
> > And if the main use case is for Windows, then again I'd look carefully at
> > actual numbers of users/installs and ability to capture that market, and
> > discount the value of that support appropriately.
> > Maybe not everyone agrees with that sentiment, but it's a largely
> > observable truth :-)
>
> If you feel there are security implications, please say so. If there are
> issues, then the desktop spec needs to address them one way or another. We
> could choose one of Simon's three suggestions or outright ban the practice.
> But all desktops need to be fixed to deal with this correctly.
>
> I also fail to see how having a token is any better than declaring relative
> paths to be searched from $PWD. Can you shed more light on this suggestion?
>
> In any case, D-Bus would like to follow the same specification as .desktop
> files, but it could diverge if necessary to meet its unique requirements.
>
> --
> Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org
>    Software Architect - Intel Open Source Technology Center
>       PGP/GPG: 0x6EF45358; fingerprint:
>       E067 918B B660 DBD1 105C  966C 33F5 F005 6EF4 5358
>
>
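As an added illustration of the concern discussed in this message (not code from the thread or from the D-Bus project): a small checker that classifies each `Exec=` value by what its resolution depends on, and shows how one relative value names different binaries from different working directories. The file names and contents are constructed, paths are POSIX-style, and `shlex` only approximates the `Exec=` quoting rules.

```python
import posixpath
import shlex

# Constructed sample files; names and contents are illustrative only.
SAMPLES = {
    "org.example.Abs.service":
        "[D-BUS Service]\nName=org.example.Abs\nExec=/usr/libexec/example-daemon --session\n",
    "org.example.Rel.service":
        "[D-BUS Service]\nName=org.example.Rel\nExec=../libexec/example-daemon\n",
    "example.desktop":
        "[Desktop Entry]\nType=Application\nName=Example\nExec=example-app %U\n",
}

def exec_values(text):
    """Yield the value of every Exec= key in a .desktop/.service style file."""
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == "Exec":
            yield value.strip()

def program(exec_value):
    """First word of the command line (shlex only approximates Exec quoting)."""
    try:
        argv = shlex.split(exec_value)
    except ValueError:
        return None
    return argv[0] if argv else None

def classify(exec_value):
    prog = program(exec_value)
    if prog is None:
        return "unparseable"
    if prog.startswith("/"):
        return "absolute"          # same binary whatever the caller's state
    if "/" in prog:
        return "cwd-relative"      # depends on the launcher's working directory
    return "path-search"           # depends on the launcher's $PATH

def resolve(exec_value, cwd):
    """Path a cwd-relative Exec= would name if resolved from `cwd`."""
    return posixpath.normpath(posixpath.join(cwd, program(exec_value)))

def audit(files):
    """Map file name -> list of (Exec value, classification)."""
    return {name: [(v, classify(v)) for v in exec_values(text)]
            for name, text in files.items()}

if __name__ == "__main__":
    for name, findings in audit(SAMPLES).items():
        for value, kind in findings:
            print(f"{name}: {kind}: {value}")
```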