Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Separate directory for config #71

Open
zoidbergthepopularone opened this issue Apr 9, 2018 · 5 comments
Open

Separate directory for config #71

zoidbergthepopularone opened this issue Apr 9, 2018 · 5 comments
Labels
enhancement

Comments

@zoidbergthepopularone
Copy link

Hi! Would it be possible to move the configuration files to a separate subdirectory? The current system is suboptimal from a security viewpoint, as in order to have QuickViewer fully functional I have to grant full write access to the application's main folder - which means that anyone can replace the executable with their own malicious one. If the config files rested in a subdirectory, only that subdirectory would have to be writeable, which would prevent that attack vector. And, incidentally, allowed me to move the directory somewhere else by the use of junctions...
@kanryu
Copy link
Owner

kanryu commented Apr 9, 2018

@zoidbergthepopularone QuickViewer is not expected to install in the Program Files folder. (Of course it is technically possible) It is assumed that you save it in your AppData folder, or save it in a USB memory etc. and carry it around.

@zoidbergthepopularone
Copy link
Author

That's perfectly understandable. I wouldn't want it any other way. I am just asking you to move quickviewer.ini and progress.ini from X:\Whatever to X:\Whatever\config. Every other file can remain in X:\Whatever.

@zoidbergthepopularone
Copy link
Author

I wanted to write the fix myself, but unfortunately I am unable to compile QuickViewer due to some Qt dependency that I don't know how to fix. I was actually able to compile Qt (and get something like 26 GB of object files in the process), but not QV. But the change seems really simple, perhaps you would be willing to incorporate it and build QV with your setup? As far as I can tell, it would be enough to modify file QuickViewer/src/models/kvapplication.cpp so that the function QVApplication::getFilePathOfApplicationSetting would read:

QString QVApplication::getFilePathOfApplicationSetting(QString subFilePath)
{
#ifdef Q_OS_WIN
    if(m_portable) {
    	QDir settingsSubDir = getApplicationFilePath(QString("%1/config").arg(subFilePath));
    	if (settingsSubDir.exists()) {
    	    return settingsSubDir;
    	}
        return getApplicationFilePath(subFilePath);
    } else {
        return QDir(QStandardPaths::writableLocation(QStandardPaths::DataLocation)).filePath(subFilePath);
    }
#else
    return getUserHomeFilePath(subFilePath);
#endif
}

instead of:

QString QVApplication::getFilePathOfApplicationSetting(QString subFilePath)
{
#ifdef Q_OS_WIN
    if(m_portable) {
        return getApplicationFilePath(subFilePath);
    } else {
        return QDir(QStandardPaths::writableLocation(QStandardPaths::DataLocation)).filePath(subFilePath);
    }
#else
    return getUserHomeFilePath(subFilePath);
#endif
}

@kanryu
Copy link
Owner

kanryu commented Nov 23, 2021
edited
Loading

Thank you for your effort!

If your thoughts go this far, I think you can make a pull request to modify the source code. Fork this repository of mine to your account, create a branch with a new name, commit source code modifications and submit a pull request to my repository.

Open
@zoidbergthepopularone
Copy link
Author

zoidbergthepopularone commented Nov 23, 2021
edited
Loading

I don't think it's such a great idea to create a pull request if I can't even test its correctness, but sure, I can do it: #175

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@kanryu @zoidbergthepopularone