[Bug 35896] Use XDG directories
bugzilla-daemon at freedesktop.org
bugzilla-daemon at freedesktop.org
Mon Aug 27 16:51:55 CEST 2012
https://bugs.freedesktop.org/show_bug.cgi?id=35896
--- Comment #20 from Simon McVittie <simon.mcvittie at collabora.co.uk> 2012-08-27 14:51:55 UTC ---
(In reply to comment #16)
> If the file wasn't already restricted, its contents can be stolen by a very
> fast attacker - g_file_set_contents() respects the umask, unfortunately.
McdMaster already sets a private umask, so this is not a problem.
> Either chmod the parent directory before writing into it, or [...]
MC already sets umask. chmod is only necessary on platforms that have chmod but
not umask, or for files that could have existed before we used umask (MC 5.2.2
or platforms without umask).
Since only MC >= 5.13.x will ever have the new files added in this branch, and
umask is required by POSIX, my inclination is to rely on umask and not bother
with the (inherently race-prone unless you are really careful) chmod.
We might want to add:
#ifdef G_OS_UNIX
# ifndef HAVE_UMASK
# error MC relies on umask() for privacy on Unix systems
# endif
#endif
just to make sure?
Windows security is completely different anyway, and g_chmod() is ineffective
there, so, whatever. I hope we can assume that CSIDL_LOCAL_APPDATA is private.
--
Configure bugmail: https://bugs.freedesktop.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA Contact for the bug.
More information about the telepathy-bugs
mailing list