unofficial mirror of bug-gnu-emacs@gnu.org 
From: Ulrich Mueller <ulm@gentoo.org>
To: Paul Eggert <eggert@cs.ucla.edu>
Cc: 33847@debbugs.gnu.org
Subject: bug#33847: 27.0.50; emacsclient does not find server socket
Date: Wed, 26 Dec 2018 03:27:50 +0100
Message-ID: <w6gtvj13tuh.fsf@kph.uni-mainz.de>
In-Reply-To: <9ebcad22-2cdb-46fb-4be9-efc4ad234b6d@cs.ucla.edu> (Paul Eggert's message of "Tue, 25 Dec 2018 16:24:10 -0800")

>>>>> On Wed, 26 Dec 2018, Paul Eggert wrote:

>> IMHO that's not an acceptable solution. emacsclient should just work in
>> the default configuration, without requiring the user to jump through
>> hoops, and an Emacs daemon should persist between sessions (otherwise
>> "daemon" would be a misnomer). Or is that use case really so uncommon?

> We have a conflict here between "just work" and security. There are
> multiple workarounds for the problem that you mention; if none of them
> are convenient enough perhaps you can suggest a more-convenient one.

IMHO, unsetting a standard variable like XDG_RUNTIME_DIR (as you've
suggested above) in the user's session isn't really an option. And a
wrapper script around emacsclient would be just awkward.

Plus, as it is currently implemented, there isn't even a unique way to
override the socket's location. I notice that emacsclient will now
honour the EMACS_SOCKET_NAME variable, but then again, server.el doesn't
use it. So if we would want to override the socket's location at the
distro level (e.g., place it in /run/emacs/${USER}/), how could we do
that? Having to add configuration to both site-start.el and to the
user's environment seems less than optimal.

> The default should be secure, though.

If it is a security issue, then why isn't the fix in the emacs-26 branch
as well? Also, why is there still a fallback to TMPDIR, if that's
considered insecure?

>> if there is a security problem, how would it disappear by moving
>> the socket to XDG_RUNTIME_DIR? Note that other tools like "screen" also
>> place their sockets in a subdir of /tmp.

> XDG_RUNTIME_DIR is guaranteed to be a directory owned by the user and
> readable and writable by nobody else. /tmp/emacsUID does not have that
> property.

XDG_RUNTIME_DIR is simply not suitable for the purpose, because (by its
specification) it will disappear when the login session ends, leading to
an Emacs daemon process that has no socket and can no longer be
connected to. Of course, unless one assumes that the daemon will not
persist beyond the login session, but what would be the point of starting
Emacs as a daemon then?

> The 'screen' workaround does not appear to apply to Emacs, since Emacs
> is programmable and if Emacs were made setgid its users could easily
> modify Emacs's behavior to manipulate the contents of any such
> /run/emacs directory in any way they pleased.

No need for Emacs itself to be setgid, because the directory could
be created by calling an auxiliary setgid program (similar to
update-game-score).
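
The property quoted above for XDG_RUNTIME_DIR (a directory owned by the user and accessible to nobody else), written as a check a client could run on any candidate socket directory before connecting. This is an added example, not code from Emacs or from this thread; check_socket_dir and demo_case are hypothetical names, and the /tmp paths are constructed for the demonstration.

```c
/* Added example, not Emacs source.  All names here are hypothetical. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

enum dir_status { DIR_OK, DIR_MISSING, DIR_NOT_DIR, DIR_WRONG_OWNER, DIR_TOO_OPEN };

/* Uses lstat, not stat: a symlink planted under a shared parent such
   as /tmp must be rejected rather than followed. */
enum dir_status check_socket_dir(const char *path, uid_t uid)
{
    struct stat st;
    if (lstat(path, &st) != 0) return DIR_MISSING;
    if (!S_ISDIR(st.st_mode)) return DIR_NOT_DIR;               /* symlink, file, ... */
    if (st.st_uid != uid) return DIR_WRONG_OWNER;               /* pre-created by someone else */
    if (st.st_mode & (S_IRWXG | S_IRWXO)) return DIR_TOO_OPEN;  /* group/other access */
    return DIR_OK;
}

/* Constructed scenario: make a private directory (mkdtemp creates it
   with mode 0700), optionally loosen it or reach it through a symlink,
   and return the check's verdict.  -1 means the setup itself failed. */
int demo_case(int loosen, int via_symlink, uid_t uid)
{
    char dir[] = "/tmp/sockdir-demo-XXXXXX";
    char link[64];
    int status = -1;
    if (!mkdtemp(dir))
        return -1;
    snprintf(link, sizeof link, "%s.lnk", dir);
    if ((!loosen || chmod(dir, 0755) == 0)
        && (!via_symlink || symlink(dir, link) == 0))
        status = check_socket_dir(via_symlink ? link : dir, uid);
    unlink(link);   /* fails harmlessly when no link was made */
    rmdir(dir);
    return status;
}

int main(void)
{
    printf("private=%d other-uid=%d loosened=%d symlink=%d\n",
           demo_case(0, 0, geteuid()), demo_case(0, 0, geteuid() + 1),
           demo_case(1, 0, geteuid()), demo_case(0, 1, geteuid()));
    return 0;
}
```

A directory under /tmp passes only if it already exists with the right owner and mode; the check says nothing about who could have created that name first, which is the difference from a per-user runtime directory.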




