From: Ulrich Mueller
Newsgroups: gmane.emacs.bugs
Subject: bug#51327: 28.0.60; emacsclient warns about XDG_RUNTIME_DIR when starting daemon on-demand
Date: Wed, 08 Dec 2021 22:56:24 +0100
To: Stefan Kangas
Cc: jporterbugs@gmail.com, Paul Eggert, 51327@debbugs.gnu.org
In-Reply-To: (Stefan Kangas's message of "Wed, 8 Dec 2021 12:23:23 -0800")
X-GNU-PR-Package: emacs
X-GNU-PR-Keywords: security patch

>>>>> On Wed, 08 Dec 2021, Stefan Kangas wrote:

> Eli Zaretskii writes:
>>> Date: Wed, 8 Dec 2021 11:06:12 -0800
>>> Cc: 51327@debbugs.gnu.org
>>> From: Paul Eggert
>>>
>>> On 12/7/21 22:57, Jim Porter wrote:
>>> > Doing that by default opens a loophole for all emacsclient users, but
>>> > what about a command-line flag like `emacsclient
>>> > --allow-tmpdir-loophole' and/or an environment variable like
>>> > `EMACS_ALLOW_TMPDIR_LOOPHOLE=1 emacsclient' (with a better name, of
>>> > course)? Then, the default behavior would be free of loopholes[2], but
>>> > Ulrich's case could be achieved by passing that flag when calling
>>> > emacsclient. It might even be possible for Gentoo to enable that for the
>>> > user in the appropriate cases...
>>>
>>> Yes, I think something like this would be OK. The command-line flag
>>> would be easier to audit.
>>>
>>> Not sure whether a last-minute change like this should go into Emacs 28,
>>> though, even though it's security-relevant. Eli would be a better judge
>>> of that.
>>
>> If it's a new command-line argument, and if the participants in this
>> discussion can live with it as the solution for this problem, I'm okay
>> with having it on emacs-28.

That's not an acceptable solution, because it will break the existing
workflow of users. Furthermore, it will make users jump through hoops
to achieve functionality which was the default in previous versions.

So, can we please think about a better solution, and not knee-jerk
something half-baked into Emacs 28, like checking for yet another
environment variable?

Even reverting to the Emacs 27 behaviour would be better than what has
been suggested above: In Emacs 27, you can set EMACS_SOCKET_NAME to make
things work. There's no advantage in introducing yet another variable,
which would only complicate things.