On Saturday 21 May 2005 00:25, Aaron M. Ucko wrote:
> After installing desktop-profiles and agreeing to let it take over my
> gconf path settings, I found that my next login was badly broken
> because the Xsession script couldn't create files in the nonexistent
> directory /var/cache/desktop-profiles.  I was able to resolve that by
> creating it with permissions rwxrwxrwt and restarting gconf, but that
> should not have been necessary.

> I seriously question the wisdom of using predictable names in a
> directory that presumably needs to be world-writable (even if sticky)
> anyway, as it allows users to set traps for other users who have not
> yet logged in.  

right you are:
- if user logs in and no file is present all is well as file is created
  user:user with permissions 644
- if other user creates trap with file writeable for our user all is well
  (as file is regenerated on login)
- but if other user creates trap with file not-writeable for our user
  re-generation will fail, and trap will stand
  (I'd failed to consider the last case :-( )

> Given that gconf can expand $(HOME) as well as 
> $(USER), why not instead work with a directory under $HOME?  You could
> call it .desktop-profiles or something, and should have permission to
> create it before trying to work with it if it doesn't yet exist (most
> commonly on the first login after installing d-p).

ok, putting files in $(XDG_CACHE_HOME) (which defaults to $HOME/.cache as
per the freedesktop base directory spec).

hm, I'll still need to randomize the name of the generated path files 
though, as otherwise the user can use the same attack to avoid any 
mandatory settings

> Also, it's not wise to rely on anything getting installed into
> /usr/share/doc, even for an instant; you should move any files your
> code relies on finding there to some other location, such as
> /usr/share/desktop-profiles, per Policy 12.3:
>
>      Packages must not require the existence of any files in
>      `/usr/share/doc/' in order to function [1].  Any files that are
>      referenced by programs but are also useful as standalone
>      documentation should be installed under `/usr/share/<package>/' with
>      symbolic links from `/usr/share/doc/<package>'.

ack, moving it

thanks
-- 
cobaco (aka Bart Cornelis):
    Coordinator of the Belgian Skolelinux team
    Coordinator of the Dutch Skolelinux translation

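The approach discussed in the message above, as an added example that is not part of the original thread and not desktop-profiles code: a shell sketch of how an Xsession-style script could keep its generated files in a private directory under $XDG_CACHE_HOME and give each file an unpredictable name. The function names `dp_cache_dir` and `dp_write_path_file` and the `gconf-path.` prefix are hypothetical.

```shell
#!/bin/sh
# Added example; function names and the file prefix are assumptions,
# not taken from the desktop-profiles package.

# Print the per-user cache directory, creating it with mode 0700 if needed.
# Refuses a symlink or a directory owned by someone else, so a location
# prepared in advance by another party is rejected rather than trusted.
dp_cache_dir() {
    dp_base="${XDG_CACHE_HOME:-$HOME/.cache}"
    dp_dir="$dp_base/desktop-profiles"
    ( umask 077 && mkdir -p "$dp_dir" ) || return 1
    [ -d "$dp_dir" ] && [ ! -L "$dp_dir" ] && [ -O "$dp_dir" ] || return 1
    chmod 700 "$dp_dir" || return 1
    printf '%s\n' "$dp_dir"
}

# Copy stdin into a newly created file in the cache directory and print
# the file's name. mktemp picks a random suffix and creates the file
# exclusively with mode 0600, so an existing file or symlink at a
# guessable name is never opened, reused or followed.
dp_write_path_file() {
    dp_target_dir=$(dp_cache_dir) || return 1
    dp_tmp=$(mktemp "$dp_target_dir/gconf-path.XXXXXXXXXX") || return 1
    if ! cat > "$dp_tmp"; then
        rm -f "$dp_tmp"
        return 1
    fi
    printf '%s\n' "$dp_tmp"
}
```

The caller has to pass the printed file name on to whatever consumes the file, since the name can no longer be derived from $(USER) alone.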