Open GoogleCodeExporter opened 8 years ago
This is my reply to that patch, which I wrote to the Debian list and will repeat here:
I definitely oppose the proposed patch and will NOT accept it in chm2pdf (I am one of the two authors)!
Reasons:
1) There are easier ways to avoid the security risks.
2) It destroys the "--dontextract" option which is a *very* useful one!
Let me propose an alternative:
It all has to do with using "tmp" in these 2 lines, right?
CHM2PDF_TEMP_WORK_DIR='/tmp/chm2pdf/work'
CHM2PDF_TEMP_ORIG_DIR='/tmp/chm2pdf/orig'
So, what would you say if I changed "tmp" to $HOME in the above two lines? Any security concerns here? This way, we keep sane names for the directories, we don't touch tmp, the user and only the user has full control of the directories created - and we can keep the --dontextract option!
Any objections - or suggestions :-) - before I start coding?
PS.: Before you kill me about the use of tmp, bear in mind that this tool was created with the "normal user" in mind (me! :-)))), i.e. for a system where 99% of the time only one user is using it. That user was assumed to (be able to) change the value of the CHM2PDF_TEMP_* variables to whatever fits him - that's why the variables were actually created. Now people start complaining about "malicious users". Oh well...you are all so right - but notice what: we have already stopped talking about how to make the program do its actual job better - we are talking about "cross-cutting concerns"! That is, we now concentrate our energy *not* on the problem we originally had to solve (CHM to PDF conversion), but on things like "where to put the working dir, in /tmp, in $HOME or elsewhere...". :roll:
Original comment by chriskar...@googlemail.com
on 25 Nov 2008 at 9:55
Original comment by chriskar...@googlemail.com
on 25 Nov 2008 at 10:50
Then just put it in the ~/.cache dir, everybody will be happy, maybe not exactly appropriate but it is a user dir, writeable and all that...
Original comment by gen2br...@gmail.com
on 30 Nov 2009 at 7:01
Original issue reported on code.google.com by
robert.b...@goodpoint.de
on 22 Nov 2008 at 5:26
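
The alternative discussed in this thread, as an added example that is not chm2pdf's own code: stable per-user `work` and `orig` directories under the user's cache directory instead of fixed names in the world-writable `/tmp`, created with mode 0700 and checked for ownership and symlinks before an existing directory is reused. The function names and the `XDG_CACHE_HOME` fallback are assumptions made for this example.

```python
import os
import stat

APP = "chm2pdf"  # directory name taken from the paths quoted in the thread


def ensure_private_dir(path):
    """Create path (mode 0700) or validate an existing one before reuse."""
    os.makedirs(path, mode=0o700, exist_ok=True)
    st = os.lstat(path)  # lstat: do not follow a symlink planted at this name
    if stat.S_ISLNK(st.st_mode) or not stat.S_ISDIR(st.st_mode):
        raise RuntimeError("%s is not a real directory" % path)
    if st.st_uid != os.getuid():
        raise RuntimeError("%s is owned by another user" % path)
    if stat.S_IMODE(st.st_mode) & 0o077:
        os.chmod(path, 0o700)  # drop group/other access left by umask or an old run
    return path


def private_work_dirs(base=None):
    """Return (work, orig) under <base>/chm2pdf; base defaults to the user's cache dir."""
    if base is None:
        # Assumption: honour XDG_CACHE_HOME, otherwise use ~/.cache as suggested above
        base = os.environ.get("XDG_CACHE_HOME") or os.path.join(
            os.path.expanduser("~"), ".cache")
    root = ensure_private_dir(os.path.join(base, APP))
    work = ensure_private_dir(os.path.join(root, "work"))
    orig = ensure_private_dir(os.path.join(root, "orig"))
    return work, orig


if __name__ == "__main__":
    work_dir, orig_dir = private_work_dirs()
    print("work:", work_dir)
    print("orig:", orig_dir)
```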