Le lundi 25 septembre 2006 à 10:56 +0100, Keith Packard a écrit : > On Mon, 2006-09-25 at 10:14 +0200, Frederic Crozat wrote: > > > This "HOME not set" bug has been there for years and I'm still convinced > > we should try to minimize it by using getpwent when HOME is not set > > (since some people might want to override their HOME, even if I'm not > > sure it is a good idea). > > I'm also unsure we should override what appears to be a common method > for avoiding issues with setuid programs; fontconfig itself explicitly > ignores $HOME when running setuid. Some idea as to the security > implications of writing (and reading) files from the getpwent value of > the home directory would be very useful to have. Who can we ask? Maybe glib people ? > > I'll be happy to hack a patch for it (I did one a loong time ago) if it > > is going to be accepted for merge. > > Let's figure out where we want to store files when $HOME isn't set, > either something in /tmp or finding the home directory from getpwent > both seem possible, I also see potential issues with both. I wasn't implying not to fix the $HOME isn't set case, of course. Just making sure we don't hit this case too often. BTW, if we go to the /tmp path, a corner case to remember is when /tmp isn't readable by anybody (I know, it might sound strange, but some paranoiac people use this settings ;) -- Frederic Crozat <fcrozat@xxxxxxxxxxxx> Mandriva _______________________________________________ Fontconfig mailing list Fontconfig@xxxxxxxxxxxxxxxxxxxxx http://lists.freedesktop.org/mailman/listinfo/fontconfig
