From: Jim Porter <jporterbugs@gmail.com>
To: Ulrich Mueller <ulm@gentoo.org>, 51327@debbugs.gnu.org
Subject: bug#51327: 28.0.60; emacsclient warns about XDG_RUNTIME_DIR when starting daemon on demand
Date: Fri, 5 Nov 2021 10:54:29 -0700 [thread overview]
Message-ID: <238ece9e-df13-a604-ba3a-36b346857423@gmail.com> (raw)
In-Reply-To: <uczneyjin@gentoo.org>
On 11/5/2021 3:38 AM, Ulrich Mueller wrote:
> If I understand this report correctly, the problem is just the spurious
> warning about XDG_RUNTIME_DIR?
>
> Instead of changing the functionality (which breaks other use cases, see
> my message to emacs-devel), wouldn't it make more sense to just suppress
> the warning if the variable is set? As in attached patch?
It's not just a spurious warning; the warning is telling the user about
a real problem, though the wording is a bit confusing for this
particular case. If a user calls `emacsclient --alternate-editor=""'
with XDG_RUNTIME_DIR set and no Emacs server running, emacsclient will
check in both XDG_RUNTIME_DIR and TMPDIR to find the server socket
before giving up and starting the daemon.
Since XDG_RUNTIME_DIR exists (at least in part) to prevent symlink
attacks, Emacs should try to avoid checking TMPDIR in order to avoid
this vulnerability. Emacs 27 is secure in this regard, since it *never*
checks TMPDIR if XDG_RUNTIME_DIR is set. However, that behavior caused
the problems described in bug#33847. The patch I posted is a compromise
that restores the secure behavior for users who set the alternate editor
and want to start the Emacs daemon on demand (it's not perfect though;
see my reply in emacs-devel).
next prev parent reply other threads:[~2021-11-05 17:54 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-22 4:58 bug#51327: 28.0.60; emacsclient warns about XDG_RUNTIME_DIR when starting daemon on-demand Jim Porter
2021-10-30 19:37 ` Jim Porter
2021-10-30 22:33 ` Paul Eggert
2021-12-07 11:26 ` Stefan Kangas
2021-12-07 14:27 ` Eli Zaretskii
2021-12-07 14:58 ` Stefan Kangas
2021-12-07 19:03 ` Paul Eggert
2021-12-08 6:57 ` Jim Porter
2021-12-08 19:06 ` Paul Eggert
2021-12-08 19:16 ` Eli Zaretskii
2021-12-08 20:23 ` Stefan Kangas
2021-12-08 21:56 ` Ulrich Mueller
2021-12-08 22:56 ` Jim Porter
2021-12-08 23:44 ` Paul Eggert
2021-12-09 0:19 ` Ulrich Mueller
2021-12-09 7:32 ` Eli Zaretskii
2021-12-09 7:44 ` Ulrich Mueller
2021-12-09 17:12 ` Paul Eggert
2021-12-09 18:34 ` Eli Zaretskii
2021-12-09 19:45 ` Jim Porter
2021-12-09 19:48 ` Paul Eggert
2021-12-09 19:57 ` Eli Zaretskii
2021-12-09 20:04 ` Paul Eggert
2022-09-10 5:01 ` Lars Ingebrigtsen
2022-09-10 5:53 ` Paul Eggert via Bug reports for GNU Emacs, the Swiss army knife of text editors
2021-12-09 4:10 ` Richard Stallman
2021-11-05 10:38 ` bug#51327: 28.0.60; emacsclient warns about XDG_RUNTIME_DIR when starting daemon on demand Ulrich Mueller
2021-11-05 17:54 ` Jim Porter [this message]
2021-11-05 18:05 ` Ulrich Mueller
2021-11-05 18:38 ` Jim Porter
2021-11-05 19:02 ` Ulrich Mueller
2021-11-11 13:04 ` Ulrich Mueller
2021-11-11 17:06 ` Jim Porter
2021-11-12 2:21 ` Paul Eggert
2021-12-07 14:58 ` Stefan Kangas
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=238ece9e-df13-a604-ba3a-36b346857423@gmail.com \
--to=jporterbugs@gmail.com \
--cc=51327@debbugs.gnu.org \
--cc=ulm@gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).