git@vger.kernel.org mailing list mirror (one of many)
From: Junio C Hamano <gitster@pobox.com>
To: 惠轶群 <huiyiqun@gmail.com>
Cc: Jeff King <peff@peff.net>, Git List <git@vger.kernel.org>,
	Your friend <pickfire@riseup.net>
Subject: Re: [PATCH v3/GSoC 2/5] path.c: implement xdg_runtime_dir()
Date: Fri, 25 Mar 2016 09:55:59 -0700
Message-ID: <xmqqpoui4huo.fsf@gitster.mtv.corp.google.com>
In-Reply-To: <CAKqreux8FHdJoKDishjQkbi9g1oUc265EUK4nOJ_sgeFivGSNA@mail.gmail.com> ("惠轶群"'s message of "Fri, 25 Mar 2016 22:21:48 +0800")

惠轶群 <huiyiqun@gmail.com> writes:

>> There's a lot of "what" here that the caller doesn't really care about,
>> and which may go stale with respect to the implementation over time. Can
>> we make something more succinct like:
>>
>>   /*
>>    * Return a path suitable for writing run-time files related to git,
>>    * or NULL if no such path can be established. The resulting string
>>    * should be freed by the caller.
>>    */
>>
>> ?
>
> That's clearer, but if I were the caller, I would worry about the
> security of the path.
> How about adding:
>
> The security of the path is ensured by file permission.

Is "by file permission" descriptive enough?

To protect /a/b/c/socket, what filesystem entities have the right
permission bits set?  If the parent directory is writable by an
attacker, the permission bits on 'socket' itself may not matter as
the attacker can rename it away and create a new one herself, for
example.

> I will deal with it.
>
> I find there are some similar leaks in this file. I'll fix them in
> another patch.
>
> Do you think we need some additional comments for the release of strbuf?

As Documentation/technical/api-strbuf.txt has this, I think we are
already OK.

`strbuf_release`::

	Release a string buffer and the memory it used. You should not use the
	string buffer after using this function, unless you initialize it again.
