[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [E-devel] imlib2 loaders location

> What happens if a setuid/setgid app is talked into loading a malicious
> loader?  The hard-coded method is far safer.  If you need loaders
> elsewhere, change PACKAGE_LIB_DIR at build time.

Correct me if I am wrong, but exposing an API to change the loader
path will essentially transfer security issues to the client, whom we
assume is aware of the dangers of allowing an arbitrary path :) So,
IMO, exposing an API is not a bad thing (env vars is a different
issue) if there are use cases for it...


April 1: This is the day upon which we are reminded of
what we are on the other three hundred and sixty-four.
          -- Mark Twain, "Pudd'nhead Wilson's Calendar"