Alan/Joerg: Thanks for the comments. I posed a question on the zfs-discuss mailing list to get help changing the code to use acl() functions instead of calling system().
http://mail.opensolaris.org/pipermail/zfs-discuss/2008-December/053645.html However, for now, I think just calling system solves the immediate problem of text-to-speech not working on Indiana, which is important to fix. I'll update the patch when I have time to make the code more smart. Since we are likely moving to the new GDM rewrite in the 2.26 timeframe, I will need to rework this patch anyway for the new version of GDM. That might be a better time to address this issue. Rather than fixing this via a patch, I went ahead and spun a new release of GDM (2.20.9) since there were already a lot of patches that needed to be released upstream anyway. Now this new release is in the 2.24 stable and SVN head spec-files branch. Now the code uses the full path to chmod, and looks as follows (spacing slighly modified for readability): } else if (acl_flavor & _ACL_ACE_ENABLED) { system ("/usr/bin/chmod A+user:gdm:rwx:allow /dev/audio"); system ("/usr/bin/chmod A+user:gdm:rwx:allow /dev/audioctl"); } Note that GDM wouldn't likely get confused and use the /usr/gnu/bin/chmod command since the /usr/gnu/bin directory is added to PATH via the default $HOME/.profile, which wouldn't be used by the GDM daemon. However, you are right, it's better to specify the full path, so it does that now. >> (Sorry, but system() always strikes me as lazy and inefficient >> programming.) > > system() opens a security hole unless you call it with sane values > of the environment variables PATH= and IFS= > > >> If you must use system(), you must specify the path to chmod to >> avoid getting the /usr/gnu/bin version on Indiana, which doesn't >> do ZFS ACL's ( http://defect.opensolaris.org/bz/show_bug.cgi?id=947 ). > > This must be done even if you call exec*() directly. > > J?rg
