Bug#423658: gnome-screensaver: doesn't honour TMPDIR

[Piotr Kaczuba]

W dniu 30 VIII 2007 21:32, Sven Arvidsson pisze:
> On Thu, 2007-08-30 at 11:46 +0200, Piotr Kaczuba wrote:
>> W dniu 2007-08-29 22:31, Sven Arvidsson pisze:
>>> On Mon, 2007-05-28 at 20:27 +0200, Piotr Kaczuba wrote:
>>>> On 2007-05-27 22:28, Sven Arvidsson wrote:
>>>>> AFAIK, that's gconf and not gnome-screensaver. gconf already uses 
>>>>> g_get_tmp_dir so I think it should use TMPDIR if it's available.
>>>> IMHO, the reason is that TMPDIR is not on the list of allowed env vars 
>>>> in gs-job.c and gs-window-x11.c in gnome-screensaver. After the call to 
>>>> gdk_spawn_on_screen_with_pipes TMPDIR gets lost. I'm not sure if simply 
>>>> adding TMPDIR to the list would result in some security risks, though.
>>> Hi again, 
>>>
>>> Did you give Josselins advice a try?
>>>
>>>         If you want gconf to use a sane working directory, you can set the
>>>         GCONF_GLOBAL_LOCKS environment variable. In this case, don't forget to
>>>         allow TCP connections for CORBA if you are in a multi-machine multi-user
>>>         environment.
>>>
>> No, I didn't but I think it wouldn't work for the very same reason that
>> TMPDIR doesn't. Take a look at get_env_vars() in gs-job.c and
>> gs-window-x11.c and you will notice that only a restricted subset of
>> environment variables is specified. Neither GCONF_GLOBAL_LOCKS nor
>> TMPDIR is among them.
> 
> I see, can you try and add these to the allowed list and see if it
> works? If it does, we can probably bring this up with upstream and see
> if it really does result in security risks.

I'm running right now a self-compiled gnome-screensaver with TMPDIR 
included in the two places mentioned above. TMPDIR is set by 
libpam-tmpdir at logon via gdm, additionally I patched the Xsession 
startup script according to bug report #355923. It works how it's 
supposed to, gconf and orbit on behalf of gnome-screensaver use the 
directory set by TMPDIR as the temporary directory.

Greetings,
Piotr