From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail
From: Paul Eggert <eggert@cs.ucla.edu>
Newsgroups: gmane.emacs.bugs
Subject: bug#51327: 28.0.60;
 emacsclient warns about XDG_RUNTIME_DIR when starting daemon on-demand
Date: Tue, 7 Dec 2021 11:03:35 -0800
Organization: UCLA Computer Science Department
Message-ID: <212e4974-785a-65e0-70cc-fed7ea3ddacf@cs.ucla.edu>
References: <ba5ee273-9d0f-7baf-ef2e-d0b005f29ed0@gmail.com>
 <53706fa9-1458-fb5c-bd31-15ab555b59e9@gmail.com>
 <b6140cd0-b692-0be9-70c2-64e751381ae6@cs.ucla.edu>
 <CADwFkmk3hCc_2ZcqJnexHKt7tNnBsUbGpM1X57-xtLU3EKrKjg@mail.gmail.com>
 <834k7kze0z.fsf@gnu.org>
 <CADwFkmkB6f5DWiUZaMOueDmqwyyutxBqoTYEkKFXx4Y0q52Zmw@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214";
	logging-data="12672"; mail-complaints-to="usenet@ciao.gmane.io"
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101
 Thunderbird/91.3.1
Cc: jporterbugs@gmail.com, 51327@debbugs.gnu.org
To: Stefan Kangas <stefan@marxist.se>, Eli Zaretskii <eliz@gnu.org>
Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Tue Dec 07 20:04:37 2021
Return-path: <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>
Envelope-to: geb-bug-gnu-emacs@m.gmane-mx.org
Original-Received: from lists.gnu.org ([209.51.188.17])
	by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>)
	id 1muflS-0002wh-9w
	for geb-bug-gnu-emacs@m.gmane-mx.org; Tue, 07 Dec 2021 20:04:34 +0100
Original-Received: from localhost ([::1]:52546 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>)
	id 1muflR-0007PG-78
	for geb-bug-gnu-emacs@m.gmane-mx.org; Tue, 07 Dec 2021 14:04:33 -0500
Original-Received: from eggs.gnu.org ([209.51.188.92]:43080)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1mufkz-0007Nl-Qz
 for bug-gnu-emacs@gnu.org; Tue, 07 Dec 2021 14:04:07 -0500
Original-Received: from debbugs.gnu.org ([209.51.188.43]:55332)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1mufkw-00074N-A9
 for bug-gnu-emacs@gnu.org; Tue, 07 Dec 2021 14:04:05 -0500
Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1mufkv-0008PK-Su
 for bug-gnu-emacs@gnu.org; Tue, 07 Dec 2021 14:04:01 -0500
X-Loop: help-debbugs@gnu.org
Resent-From: Paul Eggert <eggert@cs.ucla.edu>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-gnu-emacs@gnu.org
Resent-Date: Tue, 07 Dec 2021 19:04:01 +0000
Resent-Message-ID: <handler.51327.B51327.163890382532292@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 51327
X-GNU-PR-Package: emacs
X-GNU-PR-Keywords: security patch
Original-Received: via spool by 51327-submit@debbugs.gnu.org id=B51327.163890382532292
 (code B ref 51327); Tue, 07 Dec 2021 19:04:01 +0000
Original-Received: (at 51327) by debbugs.gnu.org; 7 Dec 2021 19:03:45 +0000
Original-Received: from localhost ([127.0.0.1]:38645 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1mufke-0008Om-SD
 for submit@debbugs.gnu.org; Tue, 07 Dec 2021 14:03:45 -0500
Original-Received: from zimbra.cs.ucla.edu ([131.179.128.68]:36644)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <eggert@cs.ucla.edu>) id 1mufkd-0008OX-26
 for 51327@debbugs.gnu.org; Tue, 07 Dec 2021 14:03:43 -0500
Original-Received: from localhost (localhost [127.0.0.1])
 by zimbra.cs.ucla.edu (Postfix) with ESMTP id C82B31600D5;
 Tue,  7 Dec 2021 11:03:36 -0800 (PST)
Original-Received: from zimbra.cs.ucla.edu ([127.0.0.1])
 by localhost (zimbra.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10032)
 with ESMTP id 0snz_ujliRHn; Tue,  7 Dec 2021 11:03:36 -0800 (PST)
Original-Received: from localhost (localhost [127.0.0.1])
 by zimbra.cs.ucla.edu (Postfix) with ESMTP id 143061600EA;
 Tue,  7 Dec 2021 11:03:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at zimbra.cs.ucla.edu
Original-Received: from zimbra.cs.ucla.edu ([127.0.0.1])
 by localhost (zimbra.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10026)
 with ESMTP id 5Af4CBKDrfSd; Tue,  7 Dec 2021 11:03:35 -0800 (PST)
Original-Received: from [192.168.1.9] (cpe-172-91-119-151.socal.res.rr.com
 [172.91.119.151])
 by zimbra.cs.ucla.edu (Postfix) with ESMTPSA id D9D0B1600D5;
 Tue,  7 Dec 2021 11:03:35 -0800 (PST)
Content-Language: en-US
In-Reply-To: <CADwFkmkB6f5DWiUZaMOueDmqwyyutxBqoTYEkKFXx4Y0q52Zmw@mail.gmail.com>
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-BeenThere: bug-gnu-emacs@gnu.org
List-Id: "Bug reports for GNU Emacs,
 the Swiss army knife of text editors" <bug-gnu-emacs.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-gnu-emacs>,
 <mailto:bug-gnu-emacs-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/bug-gnu-emacs>
List-Post: <mailto:bug-gnu-emacs@gnu.org>
List-Help: <mailto:bug-gnu-emacs-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-gnu-emacs>,
 <mailto:bug-gnu-emacs-request@gnu.org?subject=subscribe>
Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org
Original-Sender: "bug-gnu-emacs"
 <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>
Xref: news.gmane.io gmane.emacs.bugs:221864
Archived-At: <http://permalink.gmane.org/gmane.emacs.bugs/221864>

On 12/7/21 06:58, Stefan Kangas wrote:
> Eli Zaretskii <eliz@gnu.org> writes:
> 
>>> Agreed.  The only question is if this patch should go to emacs-28 or
>>> master?  Perhaps Eli or Lars has an opinion about that.
>>
>> AFAIU, Ulrich wasn't happy with that patch and proposed an
>> alternative?
> 
> You are correct, so it seems like we need to think about this more
> closely before taking action.
> 
> I linked the relevant emacs-devel thread with more discussion
> separately.

Although none of us has done a thorough security audit, I still think 
that looking in TMPDIR first is a security loophole that is exploitable 
in some circumstances.

Ulrich says the loophole is small because Emacs verifies that the 
current user is the socket owner. However, small loopholes can still be 
exploited: for example, an attacker could cause you to think that you're 
connecting to your Emacs when you're really connecting to another of 
your processes, and this could still lead to problems (particularly if 
you're root).