[Fontconfig] What to do with $HOME is unset
Frederic Crozat
fcrozat at mandriva.com
Mon Sep 25 04:20:24 PDT 2006
Le lundi 25 septembre 2006 à 10:56 +0100, Keith Packard a écrit :
> On Mon, 2006-09-25 at 10:14 +0200, Frederic Crozat wrote:
>
> > This "HOME not set" bug has been there for years and I'm still convinced
> > we should try to minimize it by using getpwent when HOME is not set
> > (since some people might want to override their HOME, even if I'm not
> > sure it is a good idea).
>
> I'm also unsure we should override what appears to be a common method
> for avoiding issues with setuid programs; fontconfig itself explicitly
> ignores $HOME when running setuid. Some idea as to the security
> implications of writing (and reading) files from the getpwent value of
> the home directory would be very useful to have. Who can we ask?
Maybe glib people ?
> > I'll be happy to hack a patch for it (I did one a loong time ago) if it
> > is going to be accepted for merge.
>
> Let's figure out where we want to store files when $HOME isn't set,
> either something in /tmp or finding the home directory from getpwent
> both seem possible, I also see potential issues with both.
I wasn't implying not to fix the $HOME isn't set case, of course. Just
making sure we don't hit this case too often.
BTW, if we go to the /tmp path, a corner case to remember is when /tmp
isn't readable by anybody (I know, it might sound strange, but some
paranoiac people use this settings ;)
--
Frederic Crozat <fcrozat at mandriva.com>
Mandriva
More information about the Fontconfig
mailing list