Hello all,

I definitely oppose the proposed patch and will NOT accept it in chm2pdf (I am 
one of the two authors)!

Reasons:

1) There are easier ways to avoid the security risks.
2) It destroys the "--dontextract" option which is a *very* useful one!


Let me propose an alternative:

It all has to do with using "tmp" in these 2 lines, right?

CHM2PDF_TEMP_WORK_DIR='/tmp/chm2pdf/work'
CHM2PDF_TEMP_ORIG_DIR='/tmp/chm2pdf/orig'

So, what would you say if I changed "tmp" to $HOME in the above two lines? Any 
security concerns here? This way, we keep sane names for the directories, we 
don't touch tmp, the user and only the user has full control of the directories 
created - and we can keep the --dontextract option!

Any objections - or suggestions :-) - before I start coding? 

PS.: Before you kill me about the use of tmp, bear in mind that this tool was 
created with the "normal user" in mind (me! :-)))), i.e. for a system where 99% 
of the time only one user is using it. That user was assumed to (be able to) 
change the value of the CHM2PDF_TEMP_* variables to whatever fits him - that's 
why the variables were actually created. Now people start complaining about 
"malicious users". Oh well...you are all so right - but notice what: we have 
already stopped talking about how to make the program do its actual job better 
- we are talking about "cross-cutting concerns"! That is, we now concentrate 
our energy *not* on the problem we originally had to solve (CHM to PDF 
conversion), but on things like "where to put the working dir, in /tmp, in 
$HOME or elsewhere...". :roll:

-- 
Regards

Chris Karakas
http://www.karakas-online.de
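
The proposal above, sketched in Python as an added example that is not part of the original message or of chm2pdf's own code: fixed-name work/orig directories under the user's home, created private and checked before reuse so a later --dontextract run can trust them. The helper names `ensure_private_dir` and `chm2pdf_dirs` are hypothetical, and the `chm2pdf/work` and `chm2pdf/orig` layout under $HOME is assumed from the message.

```python
import os
import stat


def ensure_private_dir(path):
    """Create `path` with mode 0700, or verify an existing one is safe to reuse."""
    try:
        # mkdir never follows a symlink at the final component; if anything
        # already exists under this name it fails with EEXIST.
        os.mkdir(path, 0o700)
    except FileExistsError:
        pass
    # lstat (not stat) so a symlink planted at this name is seen as a symlink.
    st = os.lstat(path)
    if not stat.S_ISDIR(st.st_mode):
        raise RuntimeError(f"{path}: not a real directory (symlink or file)")
    if st.st_uid != os.getuid():
        raise RuntimeError(f"{path}: owned by another user")
    if st.st_mode & 0o022:
        raise RuntimeError(f"{path}: writable by group or others")
    return path


def chm2pdf_dirs(home=None):
    """Return (work, orig) directories with stable names under the home dir.

    The names stay the same between runs, so files extracted by one run
    can be reused by a later run that skips extraction.
    """
    home = home or os.path.expanduser("~")
    base = ensure_private_dir(os.path.join(home, "chm2pdf"))
    work = ensure_private_dir(os.path.join(base, "work"))
    orig = ensure_private_dir(os.path.join(base, "orig"))
    return work, orig


if __name__ == "__main__":
    import tempfile

    # Constructed demo: a throwaway directory stands in for $HOME.
    fake_home = tempfile.mkdtemp()
    print(chm2pdf_dirs(fake_home))
    # A second call reuses the same directories after re-checking them.
    print(chm2pdf_dirs(fake_home))
```

The same checks applied to the fixed `/tmp/chm2pdf` name would make the tool refuse to run whenever another local user had created that directory first, which is the situation the move to $HOME avoids.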


