GNOME Bugzilla – Bug 2311
Be careful what you (try to) write in $HOME
Last modified: 2011-02-18 15:47:43 UTC
Package: gnome-libs Version: 1.0.18 Severity: wishlist GNOME currently tries to write to $HOME even if $HOME is not owned by the current user, and if it can't write, in some cases it aborts. It would be nice if when we have a new major version and no longer have to worry about backwards/forwards binary compabitility, we change gnome_util_user_home to a function something like this: char * gnome_util_user_home (void) { struct stat sb; struct passwd *pw; char *gnome_user_home_dir; gnome_user_home_dir = g_get_home_dir(); g_assert(gnome_user_home_dir); if (stat(gnome_user_home_dir, &sb) || (sb.st_uid != getuid())) { pw = getpwuid(getuid()); if (pw) { gnome_user_home_dir = g_strdup(pw->pw_dir); } } return gnome_user_home_dir; } Then gnome_util_home_file would come along for the ride, automatically. This would be useful for GNOME programs called from setuid applications. Here at Red Hat, we've got a generic consolehelper wrapper that authenticates users and then calls a program for them; it's kind of like su except that the authentication is highly configurable on a per-application basis via PAM; with su, the configuration, while still done via PAM, is done once for all uses of su. With consolehelper, the authentication is done on a per-wrapped-application basis, and we configure different apps differently. While I can set $HOME in consolehelper (although I'm not convinced that it's the best thing to do), the GNOME libraries ought to be liberal in what they accept. michaelkjohnson "Magazines all too frequently lead to books and should be regarded by the prudent as the heavy petting of literature." -- Fran Lebowitz Linux Application Development http://people.redhat.com/johnsonm/lad/ ------- Additional Comments From hp@redhat.com 1999-09-23 02:23:32 ---- Subject: reassigned to glib From: Havoc Pennington <hp@redhat.com> To: 2311@bugs.gnome.org Message-Id: <Pine.LNX.4.10.9909230220220.14037-100000@icon.labs.redhat.com> Date: Thu, 23 Sep 1999 02:23:32 -0400 (EDT) Lots of GNOME code uses g_get_home_dir() or whatever instead of gnome_util_user_home(), because gnome_util_user_home() was deprecated. If this fix is the Right Thing then it should go in glib so it affects all GNOME code and even non-GNOME glib code. Otherwise we should special-case it in gnome-config.c, if that is the decision then we can reassign back to gnome-libs and retitle the bug. Havoc ------- Bug moved to this database by debbugs-export@bugzilla.gnome.org 2001-01-27 12:28 ------- This bug was previously known as bug 2311 at http://bugs.gnome.org/ http://bugs.gnome.org/show_bug.cgi?id=2311 Originally filed under the glib product and general component. The original reporter (johnsonm@redhat.com) of this bug does not have an account here. Reassigning to the exporter, debbugs-export@bugzilla.gnome.org. Reassigning to the default owner of the component, gtkdev@gtk.org.
Setting all outstanding bugs against 1.3.x to be due for the 2.0.0 milestone; will go through and move some of them to API freeze milestone and set milestone to none for punted features.
The patch here is basically that in g_get_any_init(), ignore $HOME if it doesn't exist or isn't owned by getuid(). We already have code to getpwuid(getuid()) if $HOME is unset, we just run that code in the nonexistent/wrong-owner case in addition to the unset case.
Nalin claims we should simply ignore $HOME
*** Bug 64219 has been marked as a duplicate of this bug. ***
I don't think $HOME should be completely ignored; I think it should only be used as a last resort.
HOME should be tried first. The reason su and sudo don't change HOME is because you usually want to take your settings with you into superuser-land (.emacs, .zshrc, etc.). I think all that's being asked for here is sane behavior when HOME is not writable; ignoring it altogether or using it as a last resort is not helpful.
Detailed analysis in: http://mail.gnome.org/archives/gtk-devel-list/2002-March/msg00066.html
Tue Mar 5 00:38:54 2002 Owen Taylor <otaylor@redhat.com> * glib/gutils.c (g_get_any_init): Where we have getpwuid[_r], use that in preference to $HOME, and only check $HOME as a fallback if getpwuid fails. (#2311)
*** Bug 91079 has been marked as a duplicate of this bug. ***
*** Bug 132238 has been marked as a duplicate of this bug. ***
As Owen noted in bug #132238, switching back and forth sucks, but I'd just like to note that I'm really bitter about the way this bug report was resolved. Well-behaved Unix programs have always honored HOME when there is no security reason not to, and now GNOME programs are generally not in that category; moreover, they tend to be inconsistent, sometimes using getenv("HOME") and sometimes using g_get_home_dir. Boo.
Created attachment 25677 [details] [review] Proposed patch to allow user to override homedir with HOME if they really want to
Okay, bugzilla wasn't really the right place for that little outburst of mine, but it is the right place for something more constructive. I've attached a patch which should placate the power users like me (who want to be able to log in with a networked homedir but run Evolution or whatever out of a local one) without affecting the average person. I'm not particularly attached to the environment variable name. I hope people will consider it.