libxfce4util broken(was: Xffm creates bad files)

Benedikt Meurer benedikt.meurer at unix-ag.uni-siegen.de
Thu Apr 1 09:47:35 CEST 2004


edscott wilson garcia wrote:
> El mié, 31-03-2004 a las 12:42, Benedikt Meurer escribió:
> 
> 
>>This does not seem to be a sane solution. An application should exit with an 
>>error message if it is unable to determine the users home directory. 
>>Everything else is wrong and IMHO dangerous.
> 
> 
> To exit is a bit too drastic for me. Not being able to determine the
> home directory should not be dangerous. As you suggested some days ago,
> you cannot take away the wheels of a car so that drivers will not crash.
> The application should know what to do if it gets NULL for a home
> directory, otherwise, IMHO, it's a crappy application.

If an application is unable to determine my homedir and uses /tmp instead, I 
would consider this dangerous. Esp. if the application does not notify my of 
that fact. Imagine, you have an application that saves sensitive data, you 
feel quite safe because your home dir is 0700 and you trust your admin. Now a 
problem occurs with the YP server, just after you launched your application, 
and the app will use /tmp to store your sensitive data. In terms of security 
its way better to exit the application, than doing probably insecure things.

Benedikt

-- 
NetBSD Operating system:                       http://www.NetBSD.org/
pkgsrc "Work in progress":                  http://pkgsrc-wip.sf.net/
XFce desktop environment:                        http://www.xfce.org/
German Unix-AG Association:                   http://www.unix-ag.org/
os-network:                                 http://www.os-network.de/

OpenPGP Key: http://www.home.unix-ag.org/bmeurer/#gpg




More information about the Xfce4-dev mailing list