GNOME Bugzilla – Bug 329535
tomboy script looks for executable in CWD
Last modified: 2008-02-26 20:49:40 UTC
Upstreaming from https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=177677 Running the executables from CWD has security issues, bugs 328911 and 328909 are about the same problem with beagled and f-spot and include more details.
Created attachment 60797 [details] [review] patch to modify tomboy wrapper so it works with tomboy not in CWD This is a patch for this issue (sort-of) that I submitted to the tomboy list a while back. It doesn't solve the security aspect of this problem (detailed in the beagle/f-spot bugs) which, for the benefit of this bug, is * bad user creates a trojan tomboy.exe in /tmp (and a blank Makefile.am) * good user is in /tmp and types tomboy * wrapper script calls the trojan rather than the correct .exe ... but it does mean you can do ./Tomboy/tomboy from the @srcdir@ (rather than having to be in @srcdir@/Tomboy)
Created attachment 76964 [details] [review] tomboy-cwd-exe.patch: Possible fix Does something like this (borrowed from f-spot) satisfy the security problem? Essentially, if you want to run an uninstalled (development) version of Tomboy, you have to start it with "tomboy --uninstalled" regardless of what directory you are in. Maybe a bit inconvenient for developers but safer for end-users.
Why not just check that the CWD = @srcdir@/Tomboy, and if so run a Tomboy.exe found therein? Just have to replace @srcdir@ correctly when generating tomboy from tomboy.in. I consider the --uninstalled thing to be rather heavy handed.
Created attachment 76972 [details] [review] tomboy-cwd-exe.patch: Checks that $PWD = @srcdir@ Originally I tried this, but I got held up by @srcdir@ resolving to "." so I went the other route. So, thanks for catching this, because $PWD resolves to a full path properly (which I was using in the previous patch). This now works well (only runs "Uninstalled Tomboy" when $PWD is <full path to Tomboy source code>/Tomboy).
Checked-in the fix into latest CVS.