From: Daniel Kahn Gillmor Date: Fri, 15 Jan 2016 19:11:55 +0000 (+1900) Subject: Re: [PATCH 7/9] add a gpg_path value for notmuch_database_t X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=523602052eb20cc66531380e300f8e4f0c58bcf1;p=notmuch-archives.git Re: [PATCH 7/9] add a gpg_path value for notmuch_database_t --- diff --git a/75/f85e3d1965cf7a54ace3911eeebb08adb2c4ec b/75/f85e3d1965cf7a54ace3911eeebb08adb2c4ec new file mode 100644 index 000000000..da91010ec --- /dev/null +++ b/75/f85e3d1965cf7a54ace3911eeebb08adb2c4ec @@ -0,0 +1,89 @@ +Return-Path: +X-Original-To: notmuch@notmuchmail.org +Delivered-To: notmuch@notmuchmail.org +Received: from localhost (localhost [127.0.0.1]) + by arlo.cworth.org (Postfix) with ESMTP id E26F66DE178F + for ; Fri, 15 Jan 2016 11:12:00 -0800 (PST) +X-Virus-Scanned: Debian amavisd-new at cworth.org +X-Spam-Flag: NO +X-Spam-Score: -0.025 +X-Spam-Level: +X-Spam-Status: No, score=-0.025 tagged_above=-999 required=5 + tests=[AWL=-0.025] autolearn=disabled +Received: from arlo.cworth.org ([127.0.0.1]) + by localhost (arlo.cworth.org [127.0.0.1]) (amavisd-new, port 10024) + with ESMTP id RpBJSWAXJMlN for ; + Fri, 15 Jan 2016 11:11:59 -0800 (PST) +Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108]) + by arlo.cworth.org (Postfix) with ESMTP id 4551D6DE0A87 + for ; Fri, 15 Jan 2016 11:11:59 -0800 (PST) +Received: from fifthhorseman.net (unknown [38.109.115.130]) + by che.mayfirst.org (Postfix) with ESMTPSA id D0D00F984; + Fri, 15 Jan 2016 14:11:55 -0500 (EST) +Received: by fifthhorseman.net (Postfix, from userid 1000) + id 474F72002F; Fri, 15 Jan 2016 11:11:55 -0800 (PST) +From: Daniel Kahn Gillmor +To: Tomi Ollila , David Bremner , + Notmuch Mail +Subject: Re: [PATCH 7/9] add a gpg_path value for notmuch_database_t +In-Reply-To: +References: <1449718786-28000-1-git-send-email-dkg@fifthhorseman.net> + <1449718786-28000-8-git-send-email-dkg@fifthhorseman.net> + <87mvtgfws4.fsf@alice.fifthhorseman.net> + <87d1ubdu0k.fsf@zancas.localnet> + +User-Agent: Notmuch/0.21+66~g8c19a9a (http://notmuchmail.org) Emacs/24.5.1 + (x86_64-pc-linux-gnu) +Date: Fri, 15 Jan 2016 14:11:55 -0500 +Message-ID: <871t9i7j44.fsf@alice.fifthhorseman.net> +MIME-Version: 1.0 +Content-Type: text/plain +X-BeenThere: notmuch@notmuchmail.org +X-Mailman-Version: 2.1.20 +Precedence: list +List-Id: "Use and development of the notmuch mail system." + +List-Unsubscribe: , + +List-Archive: +List-Post: +List-Help: +List-Subscribe: , + +X-List-Received-Date: Fri, 15 Jan 2016 19:12:01 -0000 + +On Sun 2015-12-13 06:17:07 -0500, Tomi Ollila wrote: +> Actually now that I sent this mail it kept rolling on my mind... If anyone +> else than me (and libgpgme?) thinks that '.' should not be in search path +> we could do + +fwiw, i agree that . should *not* be in the search path. + +> if (getenv("PATH") == NULL) { +> path_set = true; +> setenv("PATH", "/bin:/usr/bin", 1); // XXX *BSD configurability // +> } +> else path_set = false; +> +> ... g_find_program_in_path("gpg2") +> ... g_find_program_in_path("gpg") +> +> if (path_set) { +> unsetenv("PATH"); + +I'm game for something like this, but i've got a queue of patches i'm +about to send that would provide a different place to make this change, +so i'm not making it now. please keep this in mind, though :) + +> I also thought of examining the return value starting with ./ but +> (current or) future version of g_find_program_in_path() might +> canonicalize the returned path... + +i'm not sure what this suggestion means -- do you mean checking to see +whether the returned value started with ./ ? If so, I agree that this +seems like a not very robust way to protect against this problem. + +Should we maybe also be reporting this as a bug against +g_find_program_in_path ? + + --dkg