Andreas Beck wrote:
> 
> > Would there be any objection to overriding the compiled in configuration
> > file directory with an environment variable?
> 
> Yes. This is compiled in for security purposes. In a perfect world, we would
> not have the SVGAlib target. However we do have such a target and maybe
> there are other reasons to make LibGGI Programs SUID.

Hmmm, but the config files themselves can be changed to load anything. 
Just rename the targets.
The .root parameter points to wherever you want and then you have
something like display/memory.so which may or may not be the actual
display-memory target.

But I suppose if the config files were user-read-only/root-write, this
wouldn't be such a problem.     

> 
> Allowing an environment setting to influence the loading of libraries (which
> would be the result of the proposed change) would break system security for
> systems that install suid LibGGI binaries.
> 
> > This would allow installation in a directory structure other than the
> > build structure.
> 
> For this reason, we have the patchlib program that will binary-patch the
> libraries. When you can write the libs, system security is in your hands
> anyway ...
> 
> > Example:  I configure and build to /e/local/user  ( actually
> > e:/usr/local on Win98 ).  However, I want to install it later to
> > /usr/local.  Unfortunately, /e/usr/local/etc/ggi is built into the
> > executable, and will not run properly on another system W/O
> > e:/usr/local.  I'd like to override this with an environment variable.
> 
> *grin* for that case system security is of course a moot point :-))).
> 
> I'd still suggest to just use patchlib. The variable that holds the value is
> designed for the patch, so it shouldn't be a problem, except maybe a future
> version of Win actually checking the EXE checksum in the DLL.

I can't assume where the user is going to install the libraries. The
problem is that I don't want the end user to have to patch binaries in
order to make the libraries work. I can't assume that the person has the
ability to do this without screwing it up.

How about if we #ifdef around that code.  Windows will be the only OS
which can use an environment variable.  The others would still be hard
coded.

Of course, if windows supported links across drives, this wouldn't be a
problem.

John
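
The #ifdef split proposed in this message, sketched as an added example (not part of the original mail and not LibGGI code). The variable name, the default path and the function names are assumptions made for illustration. The sketch goes one step beyond the proposal by also refusing the override whenever the process runs set-uid or set-gid, which is the case the quoted objection is about.

```c
#include <stdlib.h>
#include <string.h>
#ifndef _WIN32
#include <unistd.h>
#endif

/* Constructed values for this sketch; not LibGGI's real identifiers. */
#define CONF_DIR_DEFAULT "/usr/local/etc/ggi"   /* compiled-in directory */
#define CONF_DIR_ENV     "EXAMPLE_GGI_CONFDIR"  /* hypothetical variable */
#define CONF_DIR_MAX     256

/* Pick the configuration directory.
 * override    - value read from the environment, may be NULL
 * env_allowed - platform policy: is an override permitted at all
 * elevated    - process holds more privilege than the invoking user */
const char *choose_conf_dir(const char *override, int env_allowed, int elevated)
{
    if (!env_allowed || elevated)
        return CONF_DIR_DEFAULT;      /* never let the caller steer loading */
    if (override == NULL || override[0] == '\0')
        return CONF_DIR_DEFAULT;      /* unset or empty: keep the default */
    if (strlen(override) >= CONF_DIR_MAX)
        return CONF_DIR_DEFAULT;      /* would not fit the path buffer */
    return override;
}

const char *conf_dir(void)
{
#ifdef _WIN32
    /* Windows has no set-uid bit, so the override is honoured. */
    return choose_conf_dir(getenv(CONF_DIR_ENV), 1, 0);
#else
    /* Hard-coded on other systems; the elevation test guards the case
     * where a Unix build is ever compiled with the override enabled. */
    int elevated = getuid() != geteuid() || getgid() != getegid();
    return choose_conf_dir(getenv(CONF_DIR_ENV), 0, elevated);
#endif
}
```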
