[GRASS5] 755 on /usr/local/grass-6.1.cvs/docs/html/*.png

Hi,

The *.png files in grass6/dist.i686-pc-linux-gnu/docs/html permissions
are 755. Wouldn't be 644 enough? 755 is populated
to /usr/local/grass-6.1.cvs/docs/html on install.

Maciek

--------------------
Szukasz do?wiadczonej firmy poligraficznej? Zale?y Ci na terminowo?ci i atrakcyjnych cenach?
Zapraszamy do nas!
http://www.foldruk.pl/

Maciek Sieczka wrote:

The *.png files in grass6/dist.i686-pc-linux-gnu/docs/html permissions
are 755. Wouldn't be 644 enough? 755 is populated
to /usr/local/grass-6.1.cvs/docs/html on install.

The files are installed using $(INSTALL), where it should be
$(INSTALL_DATA) for data files. I'm just testing the changes; I'll
commit them once they're tested.

An aside:

One consequence of installing "*.png" in the html directory is that
the d.out.png script gets installed there. It isn't a major issue,
although I can think of two potential issues regarding browsing the
directory with a graphical file manager.

1. If the program automatically generates thumbnails for "image" files
(based upon the file's suffix), trying to decode d.out.png may test
the robustness of its PNG decoder.

2. If a user "runs" it, expecting to view a PNG file, but the file
manager detects scripts by the #! marker, they may actually run it. I
don't know whether there would be any adverse consequences.

More generally, GRASS' naming convention (dots in program names) makes
programs like r.out.{png,ppm,tiff} show up as PNG/PPM/TIFF files in
graphical file managers. I suppose it's too late to change that now,
although it might be worth forcing the .exe suffix onto binaries when
compiling on Windows.

Otherwise, there could be reliability or even security issues on
Windows, which is rather inconsistent in how it determines the types
of files. Sometimes it looks at the suffix, sometimes the MIME type
(for HTTP or email), sometimes it looks at the first part of the
file's contents.

This issue has been a constant source of security problems in the
past. Particularly with IE and OE, which will pass files to helper
applications based upon the suffix or MIME type, and the helper then
handles the file according to its contents. This can allow controls on
"unsafe" content types to be bypassed, by supplying unsafe content
with a "safe" suffix and MIME type.

--
Glynn Clements <glynn@gclements.plus.com>

On Tue, Jan 31, 2006 at 01:23:18AM +0000, Glynn Clements wrote:
...

More generally, GRASS' naming convention (dots in program names) makes
programs like r.out.{png,ppm,tiff} show up as PNG/PPM/TIFF files in
graphical file managers. I suppose it's too late to change that now,
although it might be worth forcing the .exe suffix onto binaries when
compiling on Windows.

The .exe suffix is already there:

cd grass61/include/Make

grep EXE *
Module.make:PROG=$(BIN)/$(PGM)$(EXE_SUFFIX)
Platform.make:EXE_SUFFIX =
Platform.make.in:EXE_SUFFIX = @EXE_SUFFIX@

On MS-Windows, it is set to .exe.

But the real solution is that someone implements a C version
of r.out.gdal and then to get rid of r.out.{png,ppm,tiff}.

Markus