Hello,
while developing I reviewed again the evas module loader.
quote file/evas_module.c:
/* 1. ~/.evas/modules/ */
path = eina_module_environment_path_get("HOME", "/.evas/modules");
evas_module_paths = _evas_module_append(evas_module_paths, path);
/* 2. $(EVAS_MODULE_DIR)/evas/modules/ */
path = eina_module_environment_path_get("EVAS_MODULES_DIR",
"/evas/modules"); if (eina_list_search_unsorted(evas_module_paths,
(Eina_Compare_Cb) strcmp, path)) free(path);
else
evas_module_paths = _evas_module_append(evas_module_paths, path);
One question:
If one write an GUI application with edje that offers to configure some
system states and I allow this application to run as root (e.g. super
user bit set) or some other way. Then one could get root only by writing
an custom evas module that implements e.g. the software_x11 and place it
into $(EVAS_MODULE_DIR)/modules, not?
>From my feeling this opens a system more than needed. At least the
search order for evas modules needs to be switched to first search in
system directory and later in $HOME.
But maybe I'm complete wrong because running an application with a way
to get root permission also includes this risk...
regards
Andreas
--
Technical Blog <http://andreasvolz.wordpress.com/>
------------------------------------------------------------------------------
The Go Parallel Website, sponsored by Intel - in partnership with Geeknet,
is your hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials, tech docs,
whitepapers, evaluation guides, and opinion stories. Check out the most
recent posts - join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
enlightenment-devel mailing list
enlightenment-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/enlightenment-devel
