#1 Use toolslib/camomileconfig

closed
nobody
None
5
2010-04-15
2010-04-07
Sylvain Le Gall
No

The file public/default.ml uses Main.Make(CamomileDefaultConfig) but it should be better to use the module from toolslib/camomileconfig because it uses environment variables which allow to move camomile to different directories.

This feature is very important when you want to create redistribuable packages that contains camomile.

For oasis (through ocaml-gettext), I need to embed *.mar files in my own installer but I cannot do it because paths are hardcoded.

Discussion

  • The locations of *.mar files are hard-coded because of security reason. If the program using camomile elevates permission and camomile data files are located by environment variables, the attacker gains the elevated permission by creating malformed marshaled data and points them as camomile data files by environment variables.

     
    • status: open --> closed