[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: NSBundle -initWithPath: warning

From: David Ayers
Subject: Re: NSBundle -initWithPath: warning
Date: Fri, 01 Apr 2005 11:30:26 +0200
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041217

Sheldon Gill wrote:

Why is the code checking for an absolute path? It is superfluous and is more likely to cause problems than solve them.

I kind of agree that this seems superfluous. If there is a reason, we need some documentation.

Later on, it checks that the bundle directory is readable. Why?

This may have a reason wrt to setuid programs. A file may be detected as non readable/writable because the real uid's don't match but actually is readable/writable because the actual access is done with the effective uid.

I'm not 100% sure about this behavior and whether we should be checking or not. I've had warnings that defaults couldn't be created because of this, even though they could have. But I'm not clear about the intention of this feature within GNUstep in relation to access()

       #include <unistd.h>

       int access(const char *pathname, int mode);
       The check is done with the process's  real  uid  and  gid,
       rather  than  with the effective ids as is done when actu­
       ally attempting an operation.  This is  to  allow  set-UID
       programs  to  easily determine the invoking user's author­

Surely the better option is to simply make the open calls and handle failures properly. That much has to be done anyway. Why complicate matters by doing checks that don't give us any real benefit?

Consider 1: If the path isn't absolute it may still work in some cases. In the cases it doesn't work, it'll fail to find the file because the path is incorrect. Just like it'd fail if the path was otherwise incorrect.

Consider 2: if the bundle directory is unreadable, it'll fail when we try to read it. Try to read it and handle not being able to.

I don't necessarily disagree, it's just that we should be clear about what we want and document it.

I'm leaning to not checking in the general case but explicitly check where we have concerns in the setuid case, which would probably move most of the checking responsibility to the application and out of -base. But how to treat user defaults here is not crystal clear to me.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]