[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-commits
Subject:    kdeutils/klaptopdaemon [POSSIBLY UNSAFE]
From:       Paul Campbell <paul () taniwha ! com>
Date:       2003-01-23 21:44:39
[Download RAW message or body]

CVS commit by campbell: 



added code documentation


  M +21 -3     acpi_helper.cpp   1.6 [POSSIBLY UNSAFE: printf]


--- kdeutils/klaptopdaemon/acpi_helper.cpp  #1.5:1.6
@@ -4,7 +4,4 @@
  * Copyright (c) 2002 Paul Campbell <paul@taniwha.com>
  *
- * Requires the Qt widget libraries, available at no cost at
- * http://www.troll.no/
- *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
@@ -21,4 +18,25 @@
  *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  */
+
+//
+//      README!!
+//
+//      This file contains code that is intended to be run setuid root
+//      (only if the end user enables it themselves, it's not set that
+//      way as part of a standard KDE build).
+//
+//      Because of this this code should be simple and easily visually
+//      inspected for security holes and/or bugs - if you feel the need
+//      to change this file please get someone else to review your work
+//      (I'll happily do it for you - mail me at paul@taniwha.com, please
+//      review mine!)
+//
+//      I recommend the following practices here - both for safety and
+//      transparency:
+//
+//              - check all array references (snprintf/strncpy etc)
+//
+//              - avoid malloc/new calls and pointers  too if possible
+//
 
 #include <stdio.h>


[prev in list] [next in list] [prev in thread] [next in thread]