[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [E-devel] imlib2 loaders location



On Wed, 22 Mar 2006 17:44:49 +0530 "Ramkumar R" <andyetitmoves@gmail.com>
babbled:

> > What happens if a setuid/setgid app is talked into loading a malicious
> > loader?  The hard-coded method is far safer.  If you need loaders
> > elsewhere, change PACKAGE_LIB_DIR at build time.
> 
> Correct me if I am wrong, but exposing an API to change the loader
> path will essentially transfer security issues to the client, whom we
> assume is aware of the dangers of allowing an arbitrary path :) So,
> IMO, exposing an API is not a bad thing (env vars is a different
> issue) if there are use cases for it...

sure. api is ok - we would assume the client knows the implications.

> Ramkumar.
> 
> --
> April 1: This is the day upon which we are reminded of
> what we are on the other three hundred and sixty-four.
>           -- Mark Twain, "Pudd'nhead Wilson's Calendar"
> 
> 
> -------------------------------------------------------
> This SF.Net email is sponsored by xPML, a groundbreaking scripting language
> that extends applications into web and mobile media. Attend the live webcast
> and join the prime developer group breaking into this new coding territory!
> http://sel.as-us.falkag.net/sel?cmd_______________________________________________
> enlightenment-devel mailing list
> enlightenment-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/enlightenment-devel
> 


-- 
------------- Codito, ergo sum - "I code, therefore I am" --------------
The Rasterman (Carsten Haitzler)    raster@rasterman.com
裸好多
Tokyo, Japan (東京 日本)