[Development] glib's and Qt's RuntimeLocation [OS X]
Thiago Macieira
thiago.macieira at intel.com
Tue Nov 24 22:03:38 CET 2015
On Tuesday 24 November 2015 19:58:22 René J. V. Bertin wrote:
> I'd have chosen $TMPDIR (aka QDir::tempPath()) myself. Contrary to
> ~/Library/Cache that one is cleared on each reboot, which seems advantageous
> at least for the kind of things RuntimeLocation is used for in
> FOSS/Freedesktop applications.

It mustn't be $TMPDIR. It needs to be a directory owned by the user so no
other users can create files or sockets or FIFOs in there (no chance for
malicious collision).

It could be a subdir of $TMPDIR, but then we run into a race condition problem
of creating a secure subdir with a well-established name among applications.
That's why the XDG spec says that XDG_RUNTIME_DIR *must* have been created
when the user logs in and must be removed when the user fully logs out.

The fallback option that QStandardDirs offers when XDG_RUNTIME_DIR isn't set
has those problems: it has race conditions and, because of that, it isn't
secure.

--
Thiago Macieira - thiago.macieira (AT) intel.com
Software Architect - Intel Open Source Technology Center
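
Added example (not part of the message above and not Qt's or glib's code): a POSIX C sketch of the ownership and permission checks an application has to make before trusting a well-known subdirectory of a shared temp directory. The function name `open_private_dir` and the `runtime-<uid>` naming are assumptions made for illustration.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* O_DIRECTORY, O_NOFOLLOW, O_CLOEXEC */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Returns an open fd for a directory only this user can access, or -1. */
int open_private_dir(const char *path)
{
    /* mkdir() does not follow a symlink in the last component and reports
     * EEXIST for whatever already sits there, so it cannot be redirected. */
    if (mkdir(path, 0700) != 0 && errno != EEXIST)
        return -1;

    /* The name may have been taken by someone else first. Open it without
     * following symlinks and examine the object actually opened (fstat on
     * the fd), not whatever the path names a moment later. */
    int fd = open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;

    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISDIR(st.st_mode)
        || st.st_uid != geteuid()        /* owned by another user */
        || (st.st_mode & 077) != 0) {    /* group/other have access */
        close(fd);
        return -1;
    }
    return fd;   /* use openat()/mkfifoat() relative to this fd */
}

int main(void)
{
    /* Hypothetical well-known name: $TMPDIR/runtime-<uid> */
    const char *tmp = getenv("TMPDIR");
    char path[4096];
    snprintf(path, sizeof path, "%s/runtime-%ld", tmp ? tmp : "/tmp",
             (long)geteuid());
    int fd = open_private_dir(path);
    printf("%s: %s\n", path, fd >= 0 ? "usable" : "rejected");
    if (fd >= 0)
        close(fd);
    return fd >= 0 ? 0 : 1;
}
```

A rejected path means another user got to the name first. The check detects that but cannot prevent it, which is why the message points to a directory created at login instead.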