From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Paul Eggert Newsgroups: gmane.emacs.bugs Subject: bug#33847: 27.0.50; emacsclient does not find server socket Date: Sat, 22 Aug 2020 10:51:44 -0700 Organization: UCLA Computer Science Department Message-ID: References: <8a6fc59c-08b3-e274-4fb1-74674c79540a@cs.ucla.edu> <9ebcad22-2cdb-46fb-4be9-efc4ad234b6d@cs.ucla.edu> <27d2f2eb-8956-4088-f3ec-5ff6c2cf2e8f@cs.ucla.edu> <87eeo27v6k.fsf@gnus.org> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="8207"; mail-complaints-to="usenet@ciao.gmane.io" User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0 Cc: Lars Ingebrigtsen , Teika Kazura , 33847@debbugs.gnu.org To: Ulrich Mueller Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Sat Aug 22 19:52:17 2020 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1k9Xgf-00021S-2X for geb-bug-gnu-emacs@m.gmane-mx.org; Sat, 22 Aug 2020 19:52:17 +0200 Original-Received: from localhost ([::1]:47012 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1k9Xgd-0001Je-KB for geb-bug-gnu-emacs@m.gmane-mx.org; Sat, 22 Aug 2020 13:52:15 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:44050) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1k9XgQ-0001JK-CH for bug-gnu-emacs@gnu.org; Sat, 22 Aug 2020 13:52:02 -0400 Original-Received: from debbugs.gnu.org ([209.51.188.43]:39813) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1k9XgQ-0005LG-2W for bug-gnu-emacs@gnu.org; Sat, 22 Aug 2020 13:52:02 -0400 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1k9XgQ-0005UJ-0Z for bug-gnu-emacs@gnu.org; Sat, 22 Aug 2020 13:52:02 -0400 X-Loop: help-debbugs@gnu.org Resent-From: Paul Eggert Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Sat, 22 Aug 2020 17:52:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 33847 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: patch Original-Received: via spool by 33847-submit@debbugs.gnu.org id=B33847.159811871521079 (code B ref 33847); Sat, 22 Aug 2020 17:52:01 +0000 Original-Received: (at 33847) by debbugs.gnu.org; 22 Aug 2020 17:51:55 +0000 Original-Received: from localhost ([127.0.0.1]:51359 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1k9XgI-0005Tu-P9 for submit@debbugs.gnu.org; Sat, 22 Aug 2020 13:51:54 -0400 Original-Received: from zimbra.cs.ucla.edu ([131.179.128.68]:52456) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1k9XgF-0005Th-Pd for 33847@debbugs.gnu.org; Sat, 22 Aug 2020 13:51:53 -0400 Original-Received: from localhost (localhost [127.0.0.1]) by zimbra.cs.ucla.edu (Postfix) with ESMTP id 390D11600EB; Sat, 22 Aug 2020 10:51:46 -0700 (PDT) Original-Received: from zimbra.cs.ucla.edu ([127.0.0.1]) by localhost (zimbra.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id 7kfFEfHN8f4H; Sat, 22 Aug 2020 10:51:45 -0700 (PDT) Original-Received: from localhost (localhost [127.0.0.1]) by zimbra.cs.ucla.edu (Postfix) with ESMTP id 40DA71600ED; Sat, 22 Aug 2020 10:51:45 -0700 (PDT) X-Virus-Scanned: amavisd-new at zimbra.cs.ucla.edu Original-Received: from zimbra.cs.ucla.edu ([127.0.0.1]) by localhost (zimbra.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id QzygWu7dDHVN; Sat, 22 Aug 2020 10:51:45 -0700 (PDT) Original-Received: from [192.168.1.9] (cpe-75-82-69-226.socal.res.rr.com [75.82.69.226]) by zimbra.cs.ucla.edu (Postfix) with ESMTPSA id DEDE21600EB; Sat, 22 Aug 2020 10:51:44 -0700 (PDT) Autocrypt: addr=eggert@cs.ucla.edu; prefer-encrypt=mutual; keydata= LS0tLS1CRUdJTiBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tCgptUUlOQkV5QWNtUUJFQURB QXlIMnhvVHU3cHBHNUQzYThGTVpFb243NGRDdmM0K3ExWEEySjJ0QnkycHdhVHFmCmhweHhk R0E5Smo1MFVKM1BENGJTVUVnTjh0TFowc2FuNDdsNVhUQUZMaTI0NTZjaVNsNW04c0thSGxH ZHQ5WG0KQUF0bVhxZVpWSVlYL1VGUzk2ZkR6ZjR4aEVtbS95N0xiWUVQUWRVZHh1NDd4QTVL aFRZcDVibHRGM1dZRHoxWQpnZDdneDA3QXV3cDdpdzdlTnZub0RUQWxLQWw4S1lEWnpiRE5D UUdFYnBZM2VmWkl2UGRlSStGV1FONFcra2doCnkrUDZhdTZQcklJaFlyYWV1YTdYRGRiMkxT MWVuM1NzbUUzUWpxZlJxSS9BMnVlOEpNd3N2WGUvV0szOEV6czYKeDc0aVRhcUkzQUZINmls QWhEcXBNbmQvbXNTRVNORnQ3NkRpTzFaS1FNcjlhbVZQa25qZlBtSklTcWRoZ0IxRApsRWR3 MzRzUk9mNlY4bVp3MHhmcVQ2UEtFNDZMY0ZlZnpzMGtiZzRHT1JmOHZqRzJTZjF0azVlVThN Qml5Ti9iClowM2JLTmpOWU1wT0REUVF3dVA4NGtZTGtYMndCeHhNQWhCeHdiRFZadWR6eERa SjFDMlZYdWpDT0pWeHEya2wKakJNOUVUWXVVR3FkNzVBVzJMWHJMdzYrTXVJc0hGQVlBZ1Jy NytLY3dEZ0JBZndoU In-Reply-To: Content-Language: en-US X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Original-Sender: "bug-gnu-emacs" Xref: news.gmane.io gmane.emacs.bugs:185981 Archived-At: On 8/22/20 12:24 AM, Ulrich Mueller wrote: >>>>>> On Fri, 21 Aug 2020, Paul Eggert wrote: > >> These use cases continue to be dubious security-wise (for other >> programs as well as for Emacs), but if they're popular then this patch >> should help people avoid shooting themselves in the foot quite so >> often. > > Looks complicated. Yes. It's complicated partly because it fixes longstanding obscure security bugs in the /tmp handling code. These bugs should be fixed anyway, regardless of what we do about XDG_RUNTIME_DIR. With some effort I could break it into two patches but I'd rather not spend the effort - I already have spent more time in this obscure but security-relevant area than I'd like. > What about my earlier suggestion to avoid both /tmp and XDG_RUNTIME_DIR, > but create the socket in a subdir of user-emacs-directory instead? This would be worse for several reasons: you'd need to disambiguate via hostname, you'd need to guarantee hostnames are unique, you'd have problems when NFS is flaky or hanging in your home directory, and you'd need to deal with socket files that survive OS crashes.