Re: ${HOME} vs. g_get_home_dir ()

[Ivan Shmakov <oneingray@gmail.com>]

>>>>> Simon McVittie <smcv@debian.org> writes:
>>>>> On 26/09/12 18:15, Ivan Shmakov wrote:
>>>>> Simon McVittie <smcv@debian.org> writes:

 >>> Please research previous discussion to check that you're not
 >>> missing arguments that have happened in the past,

 >> Any particular pointers?

 > Following the git history points to
 > <https://bugzilla.gnome.org/show_bug.cgi?id=2311>, which raises
 > interesting issues regarding running GUI applications from under
 > su/sudo (which is generally a bad idea, but back then there was
 > little alternative).

	There's also the analysis at [1].

	Unfortunately, it seems that the possibility of the user
	/intentionally/ changing his or her own HOME was never
	considered (and neither such concerns are reflected in the
	documentation.)  E. g.:

--cut--
It turns out that most of this time, this is irrelevant.  login sets
$HOME and until you switch users, it will be left unchanged.  The case
where it becomes an issue is with some "execute a program as another
user" commands.  There is some difference in behavior here.
--cut--

	Should the target user be a non-privileged one, my suggestion
	(to only use HOME if it points to a directory which is both
	accessible and owned by the “now-current” user) should relieve
	the concerns listed.  On the other hand, when the target user is
	‘root’ (UID 0), either of these behaviors may be valid
	(depending on the exact circumstances, as was noted elsewhere in
	this thread), so this check shouldn't be done (should we follow
	the general principle of “root knows what it wants.”)

[1] http://mail.gnome.org/archives/gtk-devel-list/2002-March/msg00066.html

-- 
FSF associate member #7257