On Thu, 2007-08-30 at 11:46 +0200, Piotr Kaczuba wrote: > W dniu 2007-08-29 22:31, Sven Arvidsson pisze: > > On Mon, 2007-05-28 at 20:27 +0200, Piotr Kaczuba wrote: > >> On 2007-05-27 22:28, Sven Arvidsson wrote: > >>> AFAIK, that's gconf and not gnome-screensaver. gconf already uses > >>> g_get_tmp_dir so I think it should use TMPDIR if it's available. > >> IMHO, the reason is that TMPDIR is not on the list of allowed env vars > >> in gs-job.c and gs-window-x11.c in gnome-screensaver. After the call to > >> gdk_spawn_on_screen_with_pipes TMPDIR gets lost. I'm not sure if simply > >> adding TMPDIR to the list would result in some security risks, though. > > > > Hi again, > > > > Did you give Josselins advice a try? > > > > If you want gconf to use a sane working directory, you can set the > > GCONF_GLOBAL_LOCKS environment variable. In this case, don't forget > > to > > allow TCP connections for CORBA if you are in a multi-machine > > multi-user > > environment. > > > > No, I didn't but I think it wouldn't work for the very same reason that > TMPDIR doesn't. Take a look at get_env_vars() in gs-job.c and > gs-window-x11.c and you will notice that only a restricted subset of > environment variables is specified. Neither GCONF_GLOBAL_LOCKS nor > TMPDIR is among them.
I see, can you try and add these to the allowed list and see if it works? If it does, we can probably bring this up with upstream and see if it really does result in security risks. -- Cheers, Sven Arvidsson http://www.whiz.se PGP Key ID 760BDD22
signature.asc
Description: This is a digitally signed message part
