From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Pedro Andres Aranda Gutierrez Newsgroups: gmane.emacs.devel Subject: Re: emacsclient startup messages Date: Sun, 31 Oct 2021 16:44:58 +0100 Message-ID: References: <89dc096b-6c33-db5a-d2d2-b43fb92e4900@gmail.com> <074495a9-aff8-edce-f81f-51fdfc622f6e@gmail.com> Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="000000000000dcfe7705cfa7f283" Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="33409"; mail-complaints-to="usenet@ciao.gmane.io" Cc: Ulrich Mueller , emacs-devel To: Jim Porter Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Sun Oct 31 16:46:30 2021 Return-path: Envelope-to: ged-emacs-devel@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1mhD2U-0008Vr-E4 for ged-emacs-devel@m.gmane-mx.org; Sun, 31 Oct 2021 16:46:30 +0100 Original-Received: from localhost ([::1]:45456 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mhD2T-00053u-84 for ged-emacs-devel@m.gmane-mx.org; Sun, 31 Oct 2021 11:46:29 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:48854) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mhD1U-0004Kj-M3 for emacs-devel@gnu.org; Sun, 31 Oct 2021 11:45:28 -0400 Original-Received: from mail-lf1-x12e.google.com ([2a00:1450:4864:20::12e]:45677) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1mhD1S-0004Qr-Dy for emacs-devel@gnu.org; Sun, 31 Oct 2021 11:45:28 -0400 Original-Received: by mail-lf1-x12e.google.com with SMTP id f3so23397728lfu.12 for ; Sun, 31 Oct 2021 08:45:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=0CDMlBFhdGKcNw+AbLHoshImIB/1o9JbflzjtzgInFw=; b=N7XEXDxdckxvr1e81GiwRlnzgVSKSfVLtVkFFVgDBbdSlG7d/BqjGOSHXVcDe0h4GQ DVm/jOVr8xgboo4qXK5UurdEs9kVeqHAZjRIFmtfdMgs4SrSMgvH5gg8zmyVIj5Phq5k ht86XUDJbvzN4wQaSpKirIKRkCDDH5zgjEftN2mY0r825NR2IeJfZa05xg6oxYiUlpwC vttZQpAiaAHwz/iwAUtowx4IKjsmH4kYMYePGtSVNeAm3OwRIk6X57rfZbbOnIaSBteF ebbERr7g6RXDqtumu24nPjRsodqMIM7TzQMU8/Vzb3njx79Jh/NwXtsIkS9urwXc84H7 wM/A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=0CDMlBFhdGKcNw+AbLHoshImIB/1o9JbflzjtzgInFw=; b=m/IRdf8GpR7x6tR/wreZSWvOL8uuWw+azAL46OJgO6G8awPkinFYuuHaYFHRJsIXZ6 elrDrJWAOsFqU4/JgtVWr33XO7ap+UGw/cxe1PnfcLCWA7YgA+TtcGbXuVMsVESs+l65 tagAbTPjibgUOObB0GcmUgcMPuxKsR2FNXNba6w/WV6bbEdktorqytE8/bx7m4dlj7Po mPG+OWdk2onVbakTuJf0XMZ8U1EUvo6dHTtHTviFkIabVXfSHPwzprODIfSyziH+Emf4 94iT9o49pFIKoRbVjQ+npTSrHPBASwddeSAhwMRBs0CA0w8HrronqtyRAWvMxRMGl7gD xOGw== X-Gm-Message-State: AOAM530//laFwWid6UnU6y+FZTOj5Uh2ykoYm9HXoMbPCNl6uQTIdSn1 jl+B1DgA4R9cstfQSnPaOLTQgrFSDmtuUjwfrPQ= X-Google-Smtp-Source: ABdhPJyqyb4AdTrHotU1rQbJz1wPGfVLykedXMn+cLE/b+dMaCZJQ/0So3rLigIlHYxedxrTYUf/emaTlLySKnpAHG8= X-Received: by 2002:ac2:4c04:: with SMTP id t4mr23067392lfq.525.1635695124609; Sun, 31 Oct 2021 08:45:24 -0700 (PDT) In-Reply-To: Received-SPF: pass client-ip=2a00:1450:4864:20::12e; envelope-from=paaguti@gmail.com; helo=mail-lf1-x12e.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Original-Sender: "Emacs-devel" Xref: news.gmane.io gmane.emacs.devel:278315 Archived-At: --000000000000dcfe7705cfa7f283 Content-Type: text/plain; charset="UTF-8" Hi again, it took a bit longer, but here we are... The patch does what I was dreaming of (i.e. getting rid of the xdg message when calling emacsclient with -a or when $ALTERNATE_EDITOR is set. Thanks! /PA On Sun, 31 Oct 2021 at 11:03, Pedro Andres Aranda Gutierrez < paaguti@gmail.com> wrote: > HI Jim, > I've patched my emacs-28 source and am compiling the whole beat right now. > Once installed, I'll let you know :-) > /PA > > On Sat, 30 Oct 2021 at 21:47, Jim Porter wrote: > >> On 10/30/2021 12:16 PM, Jim Porter wrote: >> > On 10/30/2021 10:39 AM, Ulrich Mueller wrote: >> >> There can be situations where there is an XDG environment for the >> client >> >> but not for the daemon. >> > >> > Right, the patch in bug#33847 should handle that case correctly, but >> I'm >> > pretty sure the current implementation opens users who spawn the Emacs >> > daemon on-demand to symlink attacks. That's due to the code needing to >> > check both XDG_RUNTIME_DIR and TMPDIR before being sure there's no >> > daemon to connect to. >> > >> > I can think of two ways to avoid this issue: >> [snip] >> > 2) If XDG_RUNTIME_DIR and ALTERNATE_EDITOR/--alternate-editor are both >> > set, never check TMPDIR. This should let both cases work without >> > requiring users to explicitly set a flag anywhere, but it the lack of >> > explicitness could be more confusing. I think this should work fine in >> > all cases, since users running `emacs --daemon' without XDG probably >> > won't be using ALTERNATE_EDITOR (the daemon should always be running, >> so >> > there's no need for an alternate editor). >> >> I posted a patch for method (2) to bug#51327 here: >> . >> > > > -- > Fragen sind nicht da um beantwortet zu werden, > Fragen sind da um gestellt zu werden > Georg Kreisler > -- Fragen sind nicht da um beantwortet zu werden, Fragen sind da um gestellt zu werden Georg Kreisler --000000000000dcfe7705cfa7f283 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hi again,
it took a bit longer, but here we= are... The patch does what I was dreaming of (i.e. getting rid of the xdg = message when calling emacsclient with -a or when $ALTERNATE_EDITOR is set.<= /div>

Thanks!
/PA

On Sun, 31 Oct 2021= at 11:03, Pedro Andres Aranda Gutierrez <paaguti@gmail.com> wrote:
HI Jim,
I've pa= tched my emacs-28 source and am compiling the whole beat right now.
Once installed, I'll let you know :-)
/PA
<= br>
On Sat,= 30 Oct 2021 at 21:47, Jim Porter <jporterbugs@gmail.com> wrote:
On 10/30/2021 12:16 PM, Jim Port= er wrote:
> On 10/30/2021 10:39 AM, Ulrich Mueller wrote:
>> There can be situations where there is an XDG environment for the = client
>> but not for the daemon.
>
> Right, the patch in bug#33847 should handle that case correctly, but I= 'm
> pretty sure the current implementation opens users who spawn the Emacs=
> daemon on-demand to symlink attacks. That's due to the code needin= g to
> check both XDG_RUNTIME_DIR and TMPDIR before being sure there's no=
> daemon to connect to.
>
> I can think of two ways to avoid this issue:
[snip]
> 2) If XDG_RUNTIME_DIR and ALTERNATE_EDITOR/--alternate-editor are both=
> set, never check TMPDIR. This should let both cases work without
> requiring users to explicitly set a flag anywhere, but it the lack of =
> explicitness could be more confusing. I think this should work fine in=
> all cases, since users running `emacs --daemon' without XDG probab= ly
> won't be using ALTERNATE_EDITOR (the daemon should always be runni= ng, so
> there's no need for an alternate editor).

I posted a patch for method (2) to bug#51327 here:
<https://lists.gnu.org/arch= ive/html/bug-gnu-emacs/2021-10/msg02638.html>.


--
Fragen sind nicht da um beantworte= t zu werden,
Fragen sind da um gestellt zu werden
Georg K= reisler


--
Fragen sin= d nicht da um beantwortet zu werden,
Fragen sind da um gestellt zu= werden
Georg Kreisler
--000000000000dcfe7705cfa7f283--