Danek Duvall wrote:
On Tue, Apr 07, 2009 at 04:50:40PM +0100, jmr wrote:

Shawn Walker wrote:
Padraig O'Briain wrote:
I have prepared another webrev, http://cr.opensolaris.org/~padraig/ips-7852-v2/.

I think this addresses the concerns raised.
Instead of just hardcoding /var/tmp, why not use tempfile.mkdtemp?

Then just make sure that gets removed on exit.
You want this dbus session bus id to be shared by any instances of PM or UM being run by root, so it needs to be located under /var/tmp. If it's put under a unique dir for each instance of PM or UM then it can't be shared across the session, which is not the desired behavior.

Doesn't that imply that the name of the file is predictable?  If so, what
happens if the file is already there and owned by someone else?  Seems like
a vector ripe for attack.
The file is unique for the dbus session for that user on that machine:

~/.dbus/session-bus/9a0ea08dce46c0ecf3f16aa348525c34-0
Also, please use the pwd module to get root's home directory:

    pwd.getpwnam('root').pw_dir

You should also probably test whether or not $HOME is writable, not what
the current uid is.  Write a test file and remove it if you were
successful. Ideally, catch whatever exception gets thrown by gtk or dbus
or whatever when it tries to write the socket, and try again with a reset
$HOME.
Nope - we do not want root to write to the user's $HOME dir, even if root can, as it will stamp on any user dbus session owned by the user and possibly being used by other apps. We need to set $HOME for root only so we write to root's home dir if specified or /var/tmp if not. If root can't write to its own home dir then we fall back sensibly on the gconf access failures.

JR
Danek
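
The concern raised in the thread (a predictable name under /var/tmp that may already exist and belong to someone else) can be handled by verifying the directory before use. The following is an added example, not code from the webrev or from the posters; the function names and the directory name `pm-root-home` are hypothetical.

```python
import os
import stat


def is_private_dir(path, uid):
    """True only for a real directory owned by uid with no group/other bits."""
    try:
        st = os.lstat(path)  # lstat: a planted symlink is reported, not followed
    except OSError:
        return False
    return (stat.S_ISDIR(st.st_mode) and st.st_uid == uid
            and (st.st_mode & 0o077) == 0)


def claim_shared_dir(path, uid):
    """Create or reuse a fixed-name directory; refuse one someone else made."""
    try:
        os.mkdir(path, 0o700)  # fails if anything, even a symlink, is there
    except FileExistsError:
        pass  # may be ours from an earlier instance; verified below
    if not is_private_dir(path, uid):
        raise PermissionError("%s is not a private directory of uid %d"
                              % (path, uid))
    return path


def pick_home(uid, preferred, fallback_parent="/var/tmp",
              name="pm-root-home"):  # name is a hypothetical placeholder
    """Use the preferred home if it is a writable directory, otherwise a
    verified fixed-name directory under fallback_parent."""
    if preferred and os.path.isdir(preferred) and os.access(preferred, os.W_OK):
        return preferred
    return claim_shared_dir(os.path.join(fallback_parent, name), uid)


if __name__ == "__main__":
    import tempfile
    parent = tempfile.mkdtemp()  # constructed stand-in for /var/tmp
    first = pick_home(os.geteuid(), None, parent)
    second = pick_home(os.geteuid(), None, parent)  # second instance reuses it
    print(first, first == second)
```

The directory stays shareable between instances run by the same uid because the name is fixed, while a pre-created directory, file or symlink owned by another user is rejected instead of being used.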
