From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Jim Porter Newsgroups: gmane.emacs.devel Subject: Re: emacsclient startup messages Date: Sat, 6 Nov 2021 11:40:09 -0700 Message-ID: <45914742-e247-cb0c-159e-39e38ab2fb73@gmail.com> References: <89dc096b-6c33-db5a-d2d2-b43fb92e4900@gmail.com> <074495a9-aff8-edce-f81f-51fdfc622f6e@gmail.com> <83bl2zdo4u.fsf@gnu.org> <96935ebe-8e7b-0813-1f68-c385b5377a3e@gmail.com> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="35609"; mail-complaints-to="usenet@ciao.gmane.io" Cc: Eli Zaretskii , emacs-devel To: Pedro Andres Aranda Gutierrez , Ulrich Mueller Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Sat Nov 06 19:41:33 2021 Return-path: Envelope-to: ged-emacs-devel@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1mjQdA-00091c-Qo for ged-emacs-devel@m.gmane-mx.org; Sat, 06 Nov 2021 19:41:32 +0100 Original-Received: from localhost ([::1]:38596 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mjQd8-0001EZ-Qz for ged-emacs-devel@m.gmane-mx.org; Sat, 06 Nov 2021 14:41:30 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:52938) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mjQbw-0000R5-7v for emacs-devel@gnu.org; Sat, 06 Nov 2021 14:40:16 -0400 Original-Received: from mail-pj1-x1031.google.com ([2607:f8b0:4864:20::1031]:53839) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1mjQbt-0000aO-Mr; Sat, 06 Nov 2021 14:40:15 -0400 Original-Received: by mail-pj1-x1031.google.com with SMTP id iq11so5225648pjb.3; Sat, 06 Nov 2021 11:40:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=subject:to:cc:references:from:message-id:date:mime-version :in-reply-to:content-language:content-transfer-encoding; bh=ECYpB0RkJe1ZG0Ke6wmDY5GwpIl5TGJ2uxBwsBuDOtE=; b=BCKdFy5gzeMIbXxjxGFsaHLKizWFxT0i90ZF+vyZ60HGibO4crLHlZ/XWMKgpI8ywP rIzhwhA2DInLOZG7Zr2W7c9/wLRuYRWU4glciHyVNBTVzK31+ZqauFW+gjcr8BcH9gMy EXmYBOFsRGR3qkv2++WbIrs3O1gefzgPmxJs765lhS1NxqFPj1ZvLBK5n8V9c3Kzvd3k 6JUk7VVlNYkrJ3/vSY3/Ug6MDOBpN8IMJ0M0Vo2OOgi0QY+S+5Io86FLEBkmaRf7AAP/ DYS6ER3Cc7C+L0Tn1S9EncY23tUxQxb6rfar4ek+07L5E4nEQRwNSZRvcP5Dg3nWjG5M zpRw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=ECYpB0RkJe1ZG0Ke6wmDY5GwpIl5TGJ2uxBwsBuDOtE=; b=ZSCFphPJ1JrNozfrNbxOHLKLdOa7QHGw9hDLe7jG09T91vrFnx407QF5W9rEShJUGv ocptNxSwbHo+JyxPDLXp+ggFFDM4CZIxQmKE7ZO0P+Kym1Zsq2h47mxBUj+LhR7Cr2Ld dog42lOj0JYVeSCLYmTvhrXiwu/16mmLlMo2TQnX4T+mesJFwNpXVx9HfXRSyyNCZp4h MGOB+MaarMGPVqGi68yp3V1GO8ZvItubHYI2+ORwgVQwb7AB7oMZKaZsHvNGUgqzq9QW hUEsXToXzpMYToGOohTKQaO65s06yGMk3f+XXHPJ0nFJwSoQaluk4pb+kTTF4SrD3Qx8 4d3w== X-Gm-Message-State: AOAM5337KLGgeb/bTVhG15h9fCXEteA59wgmw/sG7+vG/FUIlMBVAESz kF1WLodFZ835jWzN+GA98GIhqVZZoP4= X-Google-Smtp-Source: ABdhPJzFpHpkAEPemuOc3Ar0U9pplC6/s4CG071hQLPmypmVrMA3+FuAmsqxSLIYBtycX20ChSEDcw== X-Received: by 2002:a17:90b:21d1:: with SMTP id ll17mr39755151pjb.116.1636224011200; Sat, 06 Nov 2021 11:40:11 -0700 (PDT) Original-Received: from [192.168.1.2] (cpe-76-168-148-233.socal.res.rr.com. [76.168.148.233]) by smtp.googlemail.com with ESMTPSA id m4sm11155586pjs.1.2021.11.06.11.40.10 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Sat, 06 Nov 2021 11:40:10 -0700 (PDT) In-Reply-To: Content-Language: en-US Received-SPF: pass client-ip=2607:f8b0:4864:20::1031; envelope-from=jporterbugs@gmail.com; helo=mail-pj1-x1031.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Original-Sender: "Emacs-devel" Xref: news.gmane.io gmane.emacs.devel:278891 Archived-At: On 11/6/2021 4:35 AM, Pedro Andres Aranda Gutierrez wrote: > hmmm... from a user's perspective I really don't know what I gain by > having emacs running as a daemon if I boot up my laptop to say watch a > film or listen to a recording from my satellite PVR just for the fun of it. This is roughly in line with how I use Emacs too: I start it up, I edit stuff, and then when I'm done (which may take anywhere from a few minutes to a few weeks), I close Emacs entirely. However, for the issue of these startup messages, I think the main thing we need to do here is to figure out whether the XDG_RUNTIME_DIR warning is a legitimate warning (i.e. it's informing the user that they're vulnerable to a symlink attack), and then either a) fix the vulnerability or b) remove the warning if there's no vuln. I'm not an expert on this sort of security analysis, so I can't really say for sure whether this is a real vulnerability. However, Paul Eggert's message[1] agrees it *is* insecure, so it should be fixed (somehow). The question then would be how to close the vulnerability while supporting the behavior that Gentoo would like (see Ulrich's messages). - Jim [1] https://lists.gnu.org/archive/html/bug-gnu-emacs/2021-10/msg02641.html