On Fri, May 9, 2008 at 5:30 AM, Eric Kow <[EMAIL PROTECTED]> wrote: >> The problem with this change is that we use the current directory for >> security reasons, since it's very hard to safely use the /tmp directory >> when communicating with external programs. > > Ah-hah, so that's what my vague memory of potential breakage (and > general nervousness about /tmp) was about. Thanks for clearing that > up. > > If anyone's interested, this was meant to address the problem of > calling a pager in a directory you don't have write permissions for. > For example, if you do do darcs --help in /usr/bin (not as root), you > will get an error like this: > > darcs: openFd: permission denied (Permission denied) > trying to create the temp file. > > Perhaps for functions like viewDoc, we need something like a > withUnsafeTemp (where unsafe is taken to mean from a security > standpoint). [we may need to also create an unsafe variant of > pipeDoc?]
The right thing to do for functions like viewDoc is to not create a temporary file at all, but instead to pipe the contents directly to the pager. This used to be hard, but with System.Process it's actually quite easy. > There's other issues that I don't understand with viewDoc and > view_file. On Windows, if it does not find less.exe, it just fails, > even though there is code to fall back on more and (for viewDoc), > printing to stdout. I'm not I understand why it doesn't go ahead and > try more under Windows. I suppose maybe a missing executable throws an exception? David _______________________________________________ darcs-users mailing list [email protected] http://lists.osuosl.org/mailman/listinfo/darcs-users
