From 6b8c7a9881b79254c618356a4dfa257812a6fe5c Mon Sep 17 00:00:00 2001 From: Jim Porter Date: Sat, 30 Oct 2021 12:22:02 -0700 Subject: [PATCH] Prevent symlink attacks in emacsclient when an alternate editor is set * lib-src/emacsclient.c (set_local_socket): Don't look in TMPDIR for a socket if we have an alternate editor and XDG_RUNTIME_DIR is set (Bug#51327). --- lib-src/emacsclient.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/lib-src/emacsclient.c b/lib-src/emacsclient.c index cff3cec2a7..1305226056 100644 --- a/lib-src/emacsclient.c +++ b/lib-src/emacsclient.c @@ -1466,7 +1466,10 @@ set_local_socket (char const *server_name) ? connect_socket (AT_FDCWD, sockname, s, 0) : ENAMETOOLONG); } - if (sock_status == ENOENT) + /* Fall back to checking for a socket in TMPDIR unless we have + an alternate editor and XDG_RUNTIME_DIR is set. In that + case, we want to bail out and spawn the alternate editor. */ + if (!(xdg_runtime_dir && alternate_editor) && sock_status == ENOENT) { char const *tmpdir = egetenv ("TMPDIR"); if (tmpdir) -- 2.25.1