Mercurial > pidgin
view PROGRAMMING_NOTES @ 13659:a92263b13380
[gaim-migrate @ 16061]
silcgaim_check_silc_dir() checks to make sure the user's private
key has permission 0600. If it doesn't, it chmod's the file.
Nathanael Hoyle pointed out the totally absurd scenario where, if
Gaim is suid root, someone could replace the private key with
something else between the fstat and the chmod so that the file
permissions are changed on a file that the user wouldn't otherwise
have access to. He also suggested a fix along the lines of this
one.
Ethan said this still isn't totally safe, but it should be a little
better, and I don't really care anyway because you'd have to be a
moron to run Gaim with the suid bit set in the first place.
committer: Tailor Script <tailor@pidgin.im>
| author | Mark Doliner <mark@kingant.net> |
|---|---|
| date | Wed, 19 Apr 2006 02:12:45 +0000 |
| parents | da88e2cd5c53 |
| children | 83ec0b408926 |
line wrap: on
line source
Notes on keeping GAIM OS independant ------------------------------------ General ------- - Use G_DIR_SEPARATOR_S and G_DIR_SEPARATOR for paths - Use g_getenv, g_snprintf, g_vsnprintf - Use gaim_home_dir instead of g_get_home_dir or g_getenv("HOME") - Make sure when including win32dep.h that it is the last header to be included. - Open binary files when reading or writing with 'b' mode. e.g: fopen("somefile", "wb"); Not doing so will open files in windows using defaut translation mode. i.e. newline -> <CR><LF> Paths ----- - DATADIR, LOCALEDIR & LIBDIR are defined in wingaim as functions. Doing the following will therefore break the windows build: printf("File in DATADIR is: %s\n", DATADIR G_DIR_SEPARATOR_S "pic.png"); it should be: printf("File in DATADIR is: %s%s%s\n", DATADIR, G_DIR_SEPARATOR_S, "pic.png"); PLUGINS & PROTOS ---------------- - G_MODULE_EXPORT all functions which are to be accessed from outside the scope of its "dll" or "so". (E.G. gaim_plugin_init) - G_MODULE_IMPORT all global variables which are located outside your dynamic library. (E.G. connections) (Not doing this will cause "Memory Access Violations" in Win32)