[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [E-devel] imlib2 loaders location
> What happens if a setuid/setgid app is talked into loading a malicious
> loader? The hard-coded method is far safer. If you need loaders
> elsewhere, change PACKAGE_LIB_DIR at build time.
Correct me if I am wrong, but exposing an API to change the loader
path will essentially transfer security issues to the client, whom we
assume is aware of the dangers of allowing an arbitrary path :) So,
IMO, exposing an API is not a bad thing (env vars is a different
issue) if there are use cases for it...
April 1: This is the day upon which we are reminded of
what we are on the other three hundred and sixty-four.
-- Mark Twain, "Pudd'nhead Wilson's Calendar"