https://bugzilla.novell.com/show_bug.cgi?id=210486 federico@ximian.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |federico@ximian.com Status|NEW |RESOLVED Resolution| |INVALID ------- Comment #1 from federico@ximian.com 2006-10-06 08:24 MST ------- $HOME is not trustworthy, because you could change it to try to spoof setuid programs. Neither is $LOGNAME, for the same reason. GNOME does this (glib/glib/gutils.c:g_get_any_init_do()) (pseudocode): logname = getenv ("LOGNAME"); if (logname) { pw = getpwnam (logname, ...); if (!pw || (pw->pw_uid != getuid()) { /* LOGNAME is lying. Trust the functions instead. */ pw = getpwuid (getuid (), ...); } } else pw = getpwuid (getuid (), ...); if (!pw) g_home_dir = getenv ("HOME"); /* fallback */ Please see http://bugzilla.gnome.org/show_bug.cgi?id=319535 for an additional case where this is needed. [Why do you want to change $HOME at all?] -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.