Bug#421893: libtag unnecessarily opens files read-write which fails on read-only smb shares

[Stefan]

Package: libtag1c2a
Version: 1.4-4
Severity: important

--- Please enter the report below this line. ---

Hello Christopher,
hello Scott,

since I could think Amarok had a problem indexing my music collection from a 
Samba share. Now I looked into this problem and found the following:

    https://bugs.launchpad.net/ubuntu/+source/amarok/+bug/91229

I then looked into the source code of taglib-1.4 and found the following in 
taglib/toolkit/tfile.cpp:

    File::File(const char *file)
    {
      d = new FilePrivate(::strdup(file));

      d->readOnly = !isWritable(file);
      d->file = fopen(file, d->readOnly ? "r" : "r+");

      if(!d->file)
        debug("Could not open file " + String(file));
    }

and

    bool File::isWritable(const char *file)
    {
      return access(file, W_OK) == 0;
    }

That is, a file is opened read-write if access tells it's writable.
I then checked the result of access with the following program:

    #include <iostream>
    #include <unistd.h>
    using namespace std;

    int main( int argc, char* argv[] )
    {
        if( argc < 2 ) {
            cout << "Too few arguments" << endl;
            return -1;
        }

        if( access( argv[1], W_OK ) == 0 ) {
            cout << "Writable" << endl;
        } else {
            cout << "Not writable" << endl;
        }
        return 0;
    }

It says "Writable" for the mounted Samba share although the folder is exported 
read-only. So I think a following fopen will fail when using "r+".

OK, one can say this is a deficiency of access but I think it really would be 
better if the file is opened read-only when tag information is only to be 
read from the file. That would be more secure anyhow I think.

So I would suggest to add an additional boolean parameter to the File 
constructor to decide between read-only and read-write and call it for 
read-write only if absolutely neccessary.


With best regards and keep up the good work
Stefan


--- System information. ---
Architecture: i386
Kernel:       Linux 2.6.16-1-686

Debian Release: testing/unstable
  700 unstable        mirrors.ecology.uni-kiel.de 
  700 unstable        ftp.de.debian.org 

--- Package information. ---
Depends                                  (Version) | Installed
==================================================-+-=========================
libc6                                 (>= 2.3.6-6) | 2.3.6.ds1-8
libgcc1                               (>= 1:4.1.0) | 1:4.1.1-19
libstdc++6                              (>= 4.1.0) | 4.1.1-19
zlib1g                                (>= 1:1.2.1) | 1:1.2.3-11



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]