Bug#423658: gnome-screensaver: doesn't honour TMPDIR

Sven Arvidsson sa at whiz.se
Thu Aug 30 19:32:56 UTC 2007


On Thu, 2007-08-30 at 11:46 +0200, Piotr Kaczuba wrote:
> On 2007-08-29 22:31, Sven Arvidsson wrote:
> > On Mon, 2007-05-28 at 20:27 +0200, Piotr Kaczuba wrote:
> >> On 2007-05-27 22:28, Sven Arvidsson wrote:
> >>> AFAIK, that's gconf and not gnome-screensaver. gconf already uses 
> >>> g_get_tmp_dir so I think it should use TMPDIR if it's available.
> >> IMHO, the reason is that TMPDIR is not on the list of allowed env vars 
> >> in gs-job.c and gs-window-x11.c in gnome-screensaver. After the call to 
> >> gdk_spawn_on_screen_with_pipes TMPDIR gets lost. I'm not sure if simply 
> >> adding TMPDIR to the list would result in some security risks, though.
> > 
> > Hi again, 
> > 
> > Did you give Josselin's advice a try?
> > 
> >         If you want gconf to use a sane working directory, you can set the
> >         GCONF_GLOBAL_LOCKS environment variable. In this case, don't forget to
> >         allow TCP connections for CORBA if you are in a multi-machine multi-user
> >         environment.
> > 
> 
> No, I didn't but I think it wouldn't work for the very same reason that
> TMPDIR doesn't. Take a look at get_env_vars() in gs-job.c and
> gs-window-x11.c and you will notice that only a restricted subset of
> environment variables is specified. Neither GCONF_GLOBAL_LOCKS nor
> TMPDIR is among them.

I see, can you try and add these to the allowed list and see if it
works? If it does, we can probably bring this up with upstream and see
if it really does result in security risks.

-- 
Cheers,
Sven Arvidsson
http://www.whiz.se
PGP Key ID 760BDD22