Stefan Kangas <stefan@HIDDEN>
to control <at> debbugs.gnu.org
.
Full text available.Received: (at 51327) by debbugs.gnu.org; 7 Dec 2021 11:26:32 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Tue Dec 07 06:26:32 2021 Received: from localhost ([127.0.0.1]:36472 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1muYcC-00064b-5b for submit <at> debbugs.gnu.org; Tue, 07 Dec 2021 06:26:32 -0500 Received: from mail-pf1-f176.google.com ([209.85.210.176]:37509) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <stefankangas@HIDDEN>) id 1muYcA-00064L-3i for 51327 <at> debbugs.gnu.org; Tue, 07 Dec 2021 06:26:30 -0500 Received: by mail-pf1-f176.google.com with SMTP id 8so13189418pfo.4 for <51327 <at> debbugs.gnu.org>; Tue, 07 Dec 2021 03:26:30 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:in-reply-to:references:user-agent :mime-version:date:message-id:subject:to:cc; bh=RWjOzYn+yO6DZ4ddNhjTf7EqGuIf0kDCaxDkP6SkiuY=; b=3IGC7S2evyIHlqc8VfC8IH7yRzSdWKFR1rwPpRPYjUarj7Um5OHuCAQiPwKBG9uay2 P/W/XcgxfVinA8s42caPWiqXTqjVPXhXZmfeH3zpuux+5VUgPci5ywZDHiX6nQJs/kV+ 1B86Vz+hrJBDTERxzs6e7tatplmQvZCQQMpDf+nXDUmzBalePYamYhp0al28BKsuMbnN d8PtSDWBbc6AQUmObw8XAXl1VzNES/EaAGDe7rrYk5w9yCfFIFCY8+GdoN0PR53XjnxN cjTKd8rfM/PisVTpLCnKXE3bhqqtFmozBcCmIPA9mkyE2WvdIlgVSyuiZ/Vp94Yrg2Cs xvYA== X-Gm-Message-State: AOAM533ClsNZCyGTt4EsSoWctF5vqcyoMdWO+lVrzO5r6zPsd70R1jfE s+gj5kDh1Es8l+X0tP1e7stwG6ydgSO94jwpN4I= X-Google-Smtp-Source: ABdhPJy3oWSHcwuBNelrJ0GkUyfCQh54rcM7K8DoZXoJqd3ipwdkqaeksLGV8LywJMGKWw3oX+/+6fClZeny9sIYZ4U= X-Received: by 2002:aa7:8283:0:b0:49f:a0d0:abcf with SMTP id s3-20020aa78283000000b0049fa0d0abcfmr16852487pfm.70.1638876384229; Tue, 07 Dec 2021 03:26:24 -0800 (PST) Received: from 753933720722 named unknown by gmailapi.google.com with HTTPREST; Tue, 7 Dec 2021 12:26:23 +0100 From: Stefan Kangas <stefan@HIDDEN> In-Reply-To: <b6140cd0-b692-0be9-70c2-64e751381ae6@HIDDEN> (Paul Eggert's message of "Sat, 30 Oct 2021 15:33:11 -0700") References: <ba5ee273-9d0f-7baf-ef2e-d0b005f29ed0@HIDDEN> <53706fa9-1458-fb5c-bd31-15ab555b59e9@HIDDEN> <b6140cd0-b692-0be9-70c2-64e751381ae6@HIDDEN> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/29.0.50 (gnu/linux) MIME-Version: 1.0 Date: Tue, 7 Dec 2021 12:26:23 +0100 Message-ID: <CADwFkmk3hCc_2ZcqJnexHKt7tNnBsUbGpM1X57-xtLU3EKrKjg@HIDDEN> Subject: Re: bug#51327: 28.0.60; emacsclient warns about XDG_RUNTIME_DIR when starting daemon on-demand To: Paul Eggert <eggert@HIDDEN> Content-Type: text/plain; charset="UTF-8" X-Spam-Score: 0.5 (/) X-Debbugs-Envelope-To: 51327 Cc: Jim Porter <jporterbugs@HIDDEN>, 51327 <at> debbugs.gnu.org X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -0.5 (/) Paul Eggert <eggert@HIDDEN> writes: > Thanks, this patch looks good to me. You're right that the current approach is > insecure, and your patch should make it somewhat less insecure. Agreed. The only question is if this patch should go to emacs-28 or master? Perhaps Eli or Lars has an opinion about that.
bug-gnu-emacs@HIDDEN
:bug#51327
; Package emacs
.
Full text available.Received: (at 51327) by debbugs.gnu.org; 12 Nov 2021 02:21:35 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Thu Nov 11 21:21:35 2021 Received: from localhost ([127.0.0.1]:42724 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1mlMC6-00062Y-Rk for submit <at> debbugs.gnu.org; Thu, 11 Nov 2021 21:21:34 -0500 Received: from zimbra.cs.ucla.edu ([131.179.128.68]:47824) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <eggert@HIDDEN>) id 1mlMC3-00062H-H6 for 51327 <at> debbugs.gnu.org; Thu, 11 Nov 2021 21:21:33 -0500 Received: from localhost (localhost [127.0.0.1]) by zimbra.cs.ucla.edu (Postfix) with ESMTP id 725F11600FC; Thu, 11 Nov 2021 18:21:25 -0800 (PST) Received: from zimbra.cs.ucla.edu ([127.0.0.1]) by localhost (zimbra.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id pYjOikSM2CUB; Thu, 11 Nov 2021 18:21:24 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by zimbra.cs.ucla.edu (Postfix) with ESMTP id CD45B160100; Thu, 11 Nov 2021 18:21:24 -0800 (PST) X-Virus-Scanned: amavisd-new at zimbra.cs.ucla.edu Received: from zimbra.cs.ucla.edu ([127.0.0.1]) by localhost (zimbra.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id zTuiXwF7gWOv; Thu, 11 Nov 2021 18:21:24 -0800 (PST) Received: from [192.168.1.9] (cpe-172-91-119-151.socal.res.rr.com [172.91.119.151]) by zimbra.cs.ucla.edu (Postfix) with ESMTPSA id A68811600FC; Thu, 11 Nov 2021 18:21:24 -0800 (PST) Message-ID: <87cc40c9-de9b-8d26-eaad-5c08f4bd065a@HIDDEN> Date: Thu, 11 Nov 2021 18:21:24 -0800 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.2.1 Subject: Re: bug#51327: 28.0.60; emacsclient warns about XDG_RUNTIME_DIR when starting daemon on demand Content-Language: en-US To: Jim Porter <jporterbugs@HIDDEN>, Ulrich Mueller <ulm@HIDDEN>, 51327 <at> debbugs.gnu.org References: <ba5ee273-9d0f-7baf-ef2e-d0b005f29ed0@HIDDEN> <uczneyjin@HIDDEN> <238ece9e-df13-a604-ba3a-36b346857423@HIDDEN> <uwnlmwk9u@HIDDEN> <f13fb4b7-0299-db20-e80c-9c14be4ba466@HIDDEN> <umtmiwhm4@HIDDEN> <u7ddevo6y@HIDDEN> <82a66db9-f9b3-fc0f-a98d-8900d4fec066@HIDDEN> From: Paul Eggert <eggert@HIDDEN> Organization: UCLA Computer Science Department In-Reply-To: <82a66db9-f9b3-fc0f-a98d-8900d4fec066@HIDDEN> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Score: -2.4 (--) X-Debbugs-Envelope-To: 51327 X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -3.4 (---) On 11/11/21 09:06, Jim Porter wrote: > It's possible that this behavior is perfectly safe, but the way the code > is currently written (plus Paul Eggert's reply in this bug) seem to > indicate that it's vulnerable to attack. Yes, that's indeed the worry.
bug-gnu-emacs@HIDDEN
:bug#51327
; Package emacs
.
Full text available.Received: (at 51327) by debbugs.gnu.org; 11 Nov 2021 17:06:44 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Thu Nov 11 12:06:44 2021 Received: from localhost ([127.0.0.1]:42133 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1mlDXA-00048R-Aa for submit <at> debbugs.gnu.org; Thu, 11 Nov 2021 12:06:44 -0500 Received: from mail-pg1-f170.google.com ([209.85.215.170]:33326) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <jporterbugs@HIDDEN>) id 1mlDX8-000488-Ku for 51327 <at> debbugs.gnu.org; Thu, 11 Nov 2021 12:06:43 -0500 Received: by mail-pg1-f170.google.com with SMTP id 136so1036394pgc.0 for <51327 <at> debbugs.gnu.org>; Thu, 11 Nov 2021 09:06:42 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=subject:to:cc:references:from:message-id:date:mime-version :in-reply-to:content-language:content-transfer-encoding; bh=6o6VHQtLCx81SdiuQjRF5NVLhaEm0M3mHwQJHLvis6s=; b=n+hloJschzHzW29ndgGrXjA2YanVpXUzp74tvPQpwpGtJv3wBWu4XpUHjL2kwSlfU9 yNVd4+aH6KID2hi0+mYcfRszzUOkdpfaGMvoFuofCDRFOvm+/2RDYmh+fbZX1pbkbV+6 /lWvloCtlXYT6UXrMlqVVLjXbB8KK/Yjgny4gFN1IqaybQ4eIlWQ9uCXUNIN3iSSlGNQ oSDa374zx1dEyV9fcTcoH28HIuhvl/hachv59lxbkXUm/y7L2wwdJI0XWPm2Pih9Yz+L CpUJsom2dODjwfjuZbTp8/RNoJWqv1vqHHTnPK/3weFr7cEWYuKhWDNJbmH55c5+fH45 MljQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=6o6VHQtLCx81SdiuQjRF5NVLhaEm0M3mHwQJHLvis6s=; b=wUZxB/Zf1Kcl2cPjUg5hNofBaz6JknONeQjjT77r/50aCa0MB7DsCwd6iOx7e/jZ0p E4+e66H245JpFjps33lCZoIlE7IqvViV35isa7ZOM2oAgop7Zd0vXp8iuddxp1D/WlpL Lk7lHQfULwedfACek3Jo4MTVWX4L9eim4Q42dW+9nld8ObMbIDCvMHm16usOX0motflS JSJyJuXIoiLmMJc+DUoZRqbR9BsahqrI54Qc8GIn+RaqRd1nHW2YsUvmzlB0fBtMdE2/ 9zEBbyjHmH902RsiW2iPl6vUSU/dTMeltZ5ooOUed/ku/mHUw35xVGxkJZECtHDv+cEp 5O6Q== X-Gm-Message-State: AOAM5315iMj6VXsiU5cKw1I7OL6DX5VY5/SGI26XQLVLRY6PGCbfwyLw drpugKU6doQhwZoyy3tjgnU= X-Google-Smtp-Source: ABdhPJwal05qtudO4HS5aJIy4x1pg39qXy9zZK4aQtRUGi8o8nOImsLaHaLZ9pnvo/6RE0Sy7NK2Hg== X-Received: by 2002:a63:ff04:: with SMTP id k4mr5386302pgi.309.1636650396629; Thu, 11 Nov 2021 09:06:36 -0800 (PST) Received: from [192.168.1.2] (cpe-76-168-148-233.socal.res.rr.com. [76.168.148.233]) by smtp.googlemail.com with ESMTPSA id h22sm2681045pgh.80.2021.11.11.09.06.35 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 11 Nov 2021 09:06:36 -0800 (PST) Subject: Re: bug#51327: 28.0.60; emacsclient warns about XDG_RUNTIME_DIR when starting daemon on demand To: Ulrich Mueller <ulm@HIDDEN>, 51327 <at> debbugs.gnu.org References: <ba5ee273-9d0f-7baf-ef2e-d0b005f29ed0@HIDDEN> <uczneyjin@HIDDEN> <238ece9e-df13-a604-ba3a-36b346857423@HIDDEN> <uwnlmwk9u@HIDDEN> <f13fb4b7-0299-db20-e80c-9c14be4ba466@HIDDEN> <umtmiwhm4@HIDDEN> <u7ddevo6y@HIDDEN> From: Jim Porter <jporterbugs@HIDDEN> Message-ID: <82a66db9-f9b3-fc0f-a98d-8900d4fec066@HIDDEN> Date: Thu, 11 Nov 2021 09:06:36 -0800 MIME-Version: 1.0 In-Reply-To: <u7ddevo6y@HIDDEN> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 51327 Cc: Paul Eggert <eggert@HIDDEN> X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.0 (-) On 11/11/2021 5:04 AM, Ulrich Mueller wrote: >>>>>> On Fri, 05 Nov 2021, Ulrich Mueller wrote: > >>>>>> On Fri, 05 Nov 2021, Jim Porter wrote: >>> I'm not an expert on this kind of attack, but my understanding is that >>> it could go something like this: > >>> 1. Attacker runs `evil-daemon' which puts its socket in /tmp/evil >>> 2. Attacker runs `ln -s /tmp/evil /tmp/emacs1000/server' > >> Right, and IIUC this must be carefully timed to exploit some race >> condition between permission checking and creating the socket. I am >> not an expert on this either. > > Thinking about it some more, when you always start the daemon with > XDG_RUNTIME_DIR present, there won't be a /tmp/emacs1000/server (at > least not one with correct user and permissions), and I don't believe > that a symlink attack would be possible. > > OTOH, when you start the daemon without XDG_RUNTIME_DIR, then the socket > will be created in /tmp, but in that case you'd want the client to find > it there. The case I'm concerned about is when the daemon *hasn't* been started yet by the time emacsclient is called. In that case, emacsclient checks both XDG_RUNTIME_DIR and TMPDIR before giving up and starting the daemon. In this case, that means that even on a system where Emacs only uses XDG_RUNTIME_DIR in practice, it'll still search TMPDIR the first time when looking for the (non-existent) daemon. The question then is whether it's safe for the emacsclient to look in TMPDIR to confirm that no daemon already exists. It's possible that this behavior is perfectly safe, but the way the code is currently written (plus Paul Eggert's reply in this bug) seem to indicate that it's vulnerable to attack. If it really is vulnerable, then I think it should be fixed; if it's safe, then just eliminating the warning is sufficient of course.
bug-gnu-emacs@HIDDEN
:bug#51327
; Package emacs
.
Full text available.Received: (at 51327) by debbugs.gnu.org; 11 Nov 2021 13:04:18 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Thu Nov 11 08:04:18 2021 Received: from localhost ([127.0.0.1]:40386 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1ml9kX-0002s6-RP for submit <at> debbugs.gnu.org; Thu, 11 Nov 2021 08:04:18 -0500 Received: from woodpecker.gentoo.org ([140.211.166.183]:37168 helo=smtp.gentoo.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <ulm@HIDDEN>) id 1ml9kW-0002rs-2P for 51327 <at> debbugs.gnu.org; Thu, 11 Nov 2021 08:04:16 -0500 From: Ulrich Mueller <ulm@HIDDEN> To: 51327 <at> debbugs.gnu.org Subject: Re: bug#51327: 28.0.60; emacsclient warns about XDG_RUNTIME_DIR when starting daemon on demand In-Reply-To: <umtmiwhm4@HIDDEN> (Ulrich Mueller's message of "Fri, 05 Nov 2021 20:02:43 +0100") References: <ba5ee273-9d0f-7baf-ef2e-d0b005f29ed0@HIDDEN> <uczneyjin@HIDDEN> <238ece9e-df13-a604-ba3a-36b346857423@HIDDEN> <uwnlmwk9u@HIDDEN> <f13fb4b7-0299-db20-e80c-9c14be4ba466@HIDDEN> <umtmiwhm4@HIDDEN> Date: Thu, 11 Nov 2021 14:04:05 +0100 Message-ID: <u7ddevo6y@HIDDEN> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: -5.0 (-----) X-Debbugs-Envelope-To: 51327 Cc: Jim Porter <jporterbugs@HIDDEN>, Paul Eggert <eggert@HIDDEN> X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -6.0 (------) >>>>> On Fri, 05 Nov 2021, Ulrich Mueller wrote: >>>>> On Fri, 05 Nov 2021, Jim Porter wrote: >> I'm not an expert on this kind of attack, but my understanding is that >> it could go something like this: >> 1. Attacker runs `evil-daemon' which puts its socket in /tmp/evil >> 2. Attacker runs `ln -s /tmp/evil /tmp/emacs1000/server' > Right, and IIUC this must be carefully timed to exploit some race > condition between permission checking and creating the socket. I am > not an expert on this either. Thinking about it some more, when you always start the daemon with XDG_RUNTIME_DIR present, there won't be a /tmp/emacs1000/server (at least not one with correct user and permissions), and I don't believe that a symlink attack would be possible. OTOH, when you start the daemon without XDG_RUNTIME_DIR, then the socket will be created in /tmp, but in that case you'd want the client to find it there. >> 3. User runs `emacsclient --alternate-editor=""' >> 4. emacsclient doesn't see a socket in XDG_RUNTIME_DIR, checks TMPDIR >> 5. emacsclient connects to evil-daemon See above, unless the daemon was started without XDG*, there won't be any socket in TMPDIR. > Note that after locating the socket, emacsclient will double check for > sane permissions. That is, correct user id and _no_ write permission for > either group or others. That's why I think that there's little attack > surface on the client side, once the socket has been created. >> The evil-daemon probably can't get access to the user's files, but >> might be able to trick a user into entering some secret. I'll let >> others chime in too though, since like I said, I'm not an expert. >> If I'm wrong and this isn't an a problem, then I agree that all we >> need to do here is silence the warning. The core issue is that /run/user/${UID}/ is transient and will disappear after logout. So if you start an Emacs daemon then its process will persist after logout, but its socket file will be gone and it will no longer be possible to connect. This may not be a security issue, but it may cause loss of data.
bug-gnu-emacs@HIDDEN
:bug#51327
; Package emacs
.
Full text available.Received: (at 51327) by debbugs.gnu.org; 5 Nov 2021 19:02:57 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Fri Nov 05 15:02:57 2021 Received: from localhost ([127.0.0.1]:47246 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1mj4UL-0002Y0-8s for submit <at> debbugs.gnu.org; Fri, 05 Nov 2021 15:02:57 -0400 Received: from woodpecker.gentoo.org ([140.211.166.183]:37654 helo=smtp.gentoo.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <ulm@HIDDEN>) id 1mj4UI-0002Xm-SS for 51327 <at> debbugs.gnu.org; Fri, 05 Nov 2021 15:02:55 -0400 From: Ulrich Mueller <ulm@HIDDEN> To: Jim Porter <jporterbugs@HIDDEN> Subject: Re: bug#51327: 28.0.60; emacsclient warns about XDG_RUNTIME_DIR when starting daemon on demand In-Reply-To: <f13fb4b7-0299-db20-e80c-9c14be4ba466@HIDDEN> (Jim Porter's message of "Fri, 5 Nov 2021 11:38:48 -0700") References: <ba5ee273-9d0f-7baf-ef2e-d0b005f29ed0@HIDDEN> <uczneyjin@HIDDEN> <238ece9e-df13-a604-ba3a-36b346857423@HIDDEN> <uwnlmwk9u@HIDDEN> <f13fb4b7-0299-db20-e80c-9c14be4ba466@HIDDEN> Date: Fri, 05 Nov 2021 20:02:43 +0100 Message-ID: <umtmiwhm4@HIDDEN> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: -5.0 (-----) X-Debbugs-Envelope-To: 51327 Cc: Ulrich Mueller <ulm@HIDDEN>, 51327 <at> debbugs.gnu.org, Paul Eggert <eggert@HIDDEN> X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -6.0 (------) >>>>> On Fri, 05 Nov 2021, Jim Porter wrote: > (Cc'ing Paul Eggert, who can probably answer more confidently than me.) > On 11/5/2021 11:05 AM, Ulrich Mueller wrote: >> Can someone please explain to me how an exploit on the _client_ side >> would look like? >> When starting the server, I can believe that there may be some >> surface for a symlink attack. But once the daemon is running? What is >> the security issue for the client checking TMPDIR? > I'm not an expert on this kind of attack, but my understanding is that > it could go something like this: > 1. Attacker runs `evil-daemon' which puts its socket in /tmp/evil > 2. Attacker runs `ln -s /tmp/evil /tmp/emacs1000/server' Right, and IIUC this must be carefully timed to exploit some race condition between permission checking and creating the socket. I am not an expert on this either. > 3. User runs `emacsclient --alternate-editor=""' > 4. emacsclient doesn't see a socket in XDG_RUNTIME_DIR, checks TMPDIR > 5. emacsclient connects to evil-daemon Note that after locating the socket, emacsclient will double check for sane permissions. That is, correct user id and _no_ write permission for either group or others. That's why I think that there's little attack surface on the client side, once the socket has been created. > The evil-daemon probably can't get access to the user's files, but > might be able to trick a user into entering some secret. I'll let > others chime in too though, since like I said, I'm not an expert. > If I'm wrong and this isn't an a problem, then I agree that all we > need to do here is silence the warning.
bug-gnu-emacs@HIDDEN
:bug#51327
; Package emacs
.
Full text available.Received: (at 51327) by debbugs.gnu.org; 5 Nov 2021 18:38:56 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Fri Nov 05 14:38:56 2021 Received: from localhost ([127.0.0.1]:47213 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1mj476-0008Eg-Hq for submit <at> debbugs.gnu.org; Fri, 05 Nov 2021 14:38:56 -0400 Received: from mail-pj1-f45.google.com ([209.85.216.45]:40553) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <jporterbugs@HIDDEN>) id 1mj474-0008ES-Jq for 51327 <at> debbugs.gnu.org; Fri, 05 Nov 2021 14:38:54 -0400 Received: by mail-pj1-f45.google.com with SMTP id n36-20020a17090a5aa700b0019fa884ab85so3934295pji.5 for <51327 <at> debbugs.gnu.org>; Fri, 05 Nov 2021 11:38:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=subject:to:cc:references:from:message-id:date:mime-version :in-reply-to:content-language:content-transfer-encoding; bh=MiGhWH2j2cw0qmwxsbOuzZgpDIVPmATTk7VWONWWAl8=; b=dWH8QyARvmI1e3A9KnClEt85wfvsoRQRHojFr8Z28CQpwPtWY7va2e/+pU5J22IoHp hPPmx4Iev4To1UdsB5wyFySeWsQiH0+jofVVU8KIVe/oMGOapJEwPllPE4e7GSJ+FiLQ BJjXTIJX6/Oa7x4U0Na4eAwBFPmIcMZaZJogzuX9RwHkukWX5m5YJZ2UYN2R2oMlYWgT nL4LjSqOaaCo+Uz2WpEkkcmXSSOoJ7Adf0oUP6Wa5L0aV79jvBkdxhTdbN4pGXe3k+gY 4CKx2/bx5X+Aln+NEm1vkT3PKAhuAQ7jCiD+yC+/ndIEzW1DDjo8eivSiQ4zbkLt9kcN NYiw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=MiGhWH2j2cw0qmwxsbOuzZgpDIVPmATTk7VWONWWAl8=; b=WiDD2ONKW+vimcRCQpRWYd7Nud/RQGkOdsgzcetIAomM7HUt3ouCnIuzKJKNUVbnNY LD/eSJVOAxDCUYDXj8CM23nJxWj1kvWI4tRHaOXpgJVWTSjBrR2EnA1Wtn8rLdcrUr3w zJoaSpIfF1UC7keBnb9sPBUC5XzVa/ZDvzScXdjzoHZEKDjSo7+1J9GAOKwLXIZCvkuL wEoqqIbJamiFlJm0TlUlrRVSLFap8VSPq845ccjxXxEyXFkVJ2ihqsX/3ekSw3+dxmDO oh2n5XfQJ/VdrGrHtdYERTooLzzq0pigH1LUa2EtBnRaOkqhix7QiddpwWFFodd0VKuM lX/w== X-Gm-Message-State: AOAM533/RR1Z6dRPJCZ0VOCaOwFv82ZVvcAQLXWbXm/Bjt4tY3ZcAnWT CA62bAnaZ37hpfGmcA8w+jM= X-Google-Smtp-Source: ABdhPJxSJwPrWaUmRcOh1IHisZNTmnoG/d8FsQ9RVjOkGX0bUh81GWnUfkOMI31KRwkm9ahl1ctdUw== X-Received: by 2002:a17:90a:4586:: with SMTP id v6mr32394936pjg.43.1636137528658; Fri, 05 Nov 2021 11:38:48 -0700 (PDT) Received: from [192.168.1.2] (cpe-76-168-148-233.socal.res.rr.com. [76.168.148.233]) by smtp.googlemail.com with ESMTPSA id e6sm6444806pgf.59.2021.11.05.11.38.47 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Fri, 05 Nov 2021 11:38:48 -0700 (PDT) Subject: Re: bug#51327: 28.0.60; emacsclient warns about XDG_RUNTIME_DIR when starting daemon on demand To: Ulrich Mueller <ulm@HIDDEN> References: <ba5ee273-9d0f-7baf-ef2e-d0b005f29ed0@HIDDEN> <uczneyjin@HIDDEN> <238ece9e-df13-a604-ba3a-36b346857423@HIDDEN> <uwnlmwk9u@HIDDEN> From: Jim Porter <jporterbugs@HIDDEN> Message-ID: <f13fb4b7-0299-db20-e80c-9c14be4ba466@HIDDEN> Date: Fri, 5 Nov 2021 11:38:48 -0700 MIME-Version: 1.0 In-Reply-To: <uwnlmwk9u@HIDDEN> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 51327 Cc: 51327 <at> debbugs.gnu.org, Paul Eggert <eggert@HIDDEN> X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.0 (-) (Cc'ing Paul Eggert, who can probably answer more confidently than me.) On 11/5/2021 11:05 AM, Ulrich Mueller wrote: > Can someone please explain to me how an exploit on the _client_ side > would look like? > > When starting the server, I can believe that there may be some surface > for a symlink attack. But once the daemon is running? What is the > security issue for the client checking TMPDIR? I'm not an expert on this kind of attack, but my understanding is that it could go something like this: 1. Attacker runs `evil-daemon' which puts its socket in /tmp/evil 2. Attacker runs `ln -s /tmp/evil /tmp/emacs1000/server' 3. User runs `emacsclient --alternate-editor=""' 4. emacsclient doesn't see a socket in XDG_RUNTIME_DIR, checks TMPDIR 5. emacsclient connects to evil-daemon The evil-daemon probably can't get access to the user's files, but might be able to trick a user into entering some secret. I'll let others chime in too though, since like I said, I'm not an expert. If I'm wrong and this isn't an a problem, then I agree that all we need to do here is silence the warning.
bug-gnu-emacs@HIDDEN
:bug#51327
; Package emacs
.
Full text available.Received: (at 51327) by debbugs.gnu.org; 5 Nov 2021 18:05:30 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Fri Nov 05 14:05:30 2021 Received: from localhost ([127.0.0.1]:47128 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1mj3aj-0007OT-Sf for submit <at> debbugs.gnu.org; Fri, 05 Nov 2021 14:05:30 -0400 Received: from woodpecker.gentoo.org ([140.211.166.183]:49864 helo=smtp.gentoo.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <ulm@HIDDEN>) id 1mj3ai-0007O1-7T for 51327 <at> debbugs.gnu.org; Fri, 05 Nov 2021 14:05:28 -0400 From: Ulrich Mueller <ulm@HIDDEN> To: Jim Porter <jporterbugs@HIDDEN> Subject: Re: bug#51327: 28.0.60; emacsclient warns about XDG_RUNTIME_DIR when starting daemon on demand In-Reply-To: <238ece9e-df13-a604-ba3a-36b346857423@HIDDEN> (Jim Porter's message of "Fri, 5 Nov 2021 10:54:29 -0700") References: <ba5ee273-9d0f-7baf-ef2e-d0b005f29ed0@HIDDEN> <uczneyjin@HIDDEN> <238ece9e-df13-a604-ba3a-36b346857423@HIDDEN> Date: Fri, 05 Nov 2021 19:05:17 +0100 Message-ID: <uwnlmwk9u@HIDDEN> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: -5.0 (-----) X-Debbugs-Envelope-To: 51327 Cc: 51327 <at> debbugs.gnu.org X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -6.0 (------) Can someone please explain to me how an exploit on the _client_ side would look like? When starting the server, I can believe that there may be some surface for a symlink attack. But once the daemon is running? What is the security issue for the client checking TMPDIR?
bug-gnu-emacs@HIDDEN
:bug#51327
; Package emacs
.
Full text available.Received: (at 51327) by debbugs.gnu.org; 5 Nov 2021 17:54:40 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Fri Nov 05 13:54:40 2021 Received: from localhost ([127.0.0.1]:47109 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1mj3QF-00077H-WF for submit <at> debbugs.gnu.org; Fri, 05 Nov 2021 13:54:40 -0400 Received: from mail-pj1-f47.google.com ([209.85.216.47]:52868) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <jporterbugs@HIDDEN>) id 1mj3QA-00076z-V1 for 51327 <at> debbugs.gnu.org; Fri, 05 Nov 2021 13:54:38 -0400 Received: by mail-pj1-f47.google.com with SMTP id h24so2496692pjq.2 for <51327 <at> debbugs.gnu.org>; Fri, 05 Nov 2021 10:54:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=subject:to:references:from:message-id:date:mime-version:in-reply-to :content-language:content-transfer-encoding; bh=qsjqsJuAG96HVuKLzky2sgHjBn6TzFCbNf8oEk+Exv0=; b=qX5EAf5MfMwkzKO56oCXJk8ZkHQj+L2q6xLPAsltnxN2MhKdFpXe2RvLDMrdrMgbOT oEHnVzzL1znzb0E1XETa9k60bT6kBSoAuE28YA/Un1ZVJA93KqwcUnDw1UvZvLeO8aLQ oel1oseLsar42py7StqDT8YomcKLgg6KaWW1t8nUDl2go5MPu1ev2yI0NMcw/4bXZQRI /EEnrwz7FjksgimCNDcDT0WSj/GR38UfKmS9bAVc1VvMuLMnScSfFTS/raqbbqzz56CL KhsBnnYBiphfgMjXWSgl5FejsKYfWb9f3+fSyDdFG/gXsvDqvpfCJGPaiYRSNg/RhXNf EKiQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:subject:to:references:from:message-id:date :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=qsjqsJuAG96HVuKLzky2sgHjBn6TzFCbNf8oEk+Exv0=; b=3U2JcCA+87Qv51rN56VXMuvUWbuAdQmfTQLzZ9gmIWtJHOsdxajRr1GN89uW5g0bVd NLUS7dHjQlJtZrQQ6xsCnKpfzOOp+hf27rmChE/i7Z420r4HfxGKCL68R5Zzc7C6xLv9 wQ9YCHPRu++eIii+aD2eT3925ARWIFOUqb1yaBXtbVnN6jcMDhQ32iu8MwS2IJWe/0Lh T8RDwQV+DgEBNV5WeiimZ7Dt6BbWGmkQVm8PSlH4ZgZVKCsNVN52ofXfzn7nTMPn1uJI sbwCRdW53C4a9bN2P/c/+It9GWL9oEjaGCWvcu2kYSfY+QOrMiZCYpsEY1CQ+3s+b/Ou 7I7g== X-Gm-Message-State: AOAM530s+oC9FzOQr8s155SYtD19oEj1F77Tc5tm2MTew8ChAtwbBtmB dMns+fS5PN02MpsT/5jS0NV5GeRaxbo= X-Google-Smtp-Source: ABdhPJz4EbC+qm9JtNL4qPckRdBYp/683PPIcIaVJ0GM6+r2lPuBtFktQuO09d2GwAfgnqNyd8CsyQ== X-Received: by 2002:a17:90a:8912:: with SMTP id u18mr31223649pjn.69.1636134869067; Fri, 05 Nov 2021 10:54:29 -0700 (PDT) Received: from [192.168.1.2] (cpe-76-168-148-233.socal.res.rr.com. [76.168.148.233]) by smtp.googlemail.com with ESMTPSA id x193sm6526110pfd.160.2021.11.05.10.54.28 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Fri, 05 Nov 2021 10:54:28 -0700 (PDT) Subject: Re: bug#51327: 28.0.60; emacsclient warns about XDG_RUNTIME_DIR when starting daemon on demand To: Ulrich Mueller <ulm@HIDDEN>, 51327 <at> debbugs.gnu.org References: <ba5ee273-9d0f-7baf-ef2e-d0b005f29ed0@HIDDEN> <uczneyjin@HIDDEN> From: Jim Porter <jporterbugs@HIDDEN> Message-ID: <238ece9e-df13-a604-ba3a-36b346857423@HIDDEN> Date: Fri, 5 Nov 2021 10:54:29 -0700 MIME-Version: 1.0 In-Reply-To: <uczneyjin@HIDDEN> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 51327 X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.0 (-) On 11/5/2021 3:38 AM, Ulrich Mueller wrote: > If I understand this report correctly, the problem is just the spurious > warning about XDG_RUNTIME_DIR? > > Instead of changing the functionality (which breaks other use cases, see > my message to emacs-devel), wouldn't it make more sense to just suppress > the warning if the variable is set? As in attached patch? It's not just a spurious warning; the warning is telling the user about a real problem, though the wording is a bit confusing for this particular case. If a user calls `emacsclient --alternate-editor=""' with XDG_RUNTIME_DIR set and no Emacs server running, emacsclient will check in both XDG_RUNTIME_DIR and TMPDIR to find the server socket before giving up and starting the daemon. Since XDG_RUNTIME_DIR exists (at least in part) to prevent symlink attacks, Emacs should try to avoid checking TMPDIR in order to avoid this vulnerability. Emacs 27 is secure in this regard, since it *never* checks TMPDIR if XDG_RUNTIME_DIR is set. However, that behavior caused the problems described in bug#33847. The patch I posted is a compromise that restores the secure behavior for users who set the alternate editor and want to start the Emacs daemon on demand (it's not perfect though; see my reply in emacs-devel).
bug-gnu-emacs@HIDDEN
:bug#51327
; Package emacs
.
Full text available.Received: (at 51327) by debbugs.gnu.org; 5 Nov 2021 10:38:54 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Fri Nov 05 06:38:54 2021 Received: from localhost ([127.0.0.1]:44947 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1miwcY-000840-1K for submit <at> debbugs.gnu.org; Fri, 05 Nov 2021 06:38:54 -0400 Received: from woodpecker.gentoo.org ([140.211.166.183]:37806 helo=smtp.gentoo.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <ulm@HIDDEN>) id 1miwcV-00083i-Kb for 51327 <at> debbugs.gnu.org; Fri, 05 Nov 2021 06:38:52 -0400 From: Ulrich Mueller <ulm@HIDDEN> To: 51327 <at> debbugs.gnu.org Subject: Re: 28.0.60; emacsclient warns about XDG_RUNTIME_DIR when starting daemon on demand Date: Fri, 05 Nov 2021 11:38:40 +0100 Message-ID: <uczneyjin@HIDDEN> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" X-Spam-Score: -5.0 (-----) X-Debbugs-Envelope-To: 51327 X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -6.0 (------) --=-=-= Content-Type: text/plain If I understand this report correctly, the problem is just the spurious warning about XDG_RUNTIME_DIR? Instead of changing the functionality (which breaks other use cases, see my message to emacs-devel), wouldn't it make more sense to just suppress the warning if the variable is set? As in attached patch? --=-=-= Content-Type: text/plain Content-Disposition: attachment; filename=0001-Suppress-a-spurious-warning-in-emacsclient.patch From 8b13b4ce6b5c5998ea8dc6db0c1021f2beba41aa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ulrich=20M=C3=BCller?= <ulm@HIDDEN> Date: Fri, 5 Nov 2021 11:30:28 +0100 Subject: [PATCH] Suppress a spurious warning in emacsclient * lib-src/emacsclient.c (set_local_socket): Suppress warning about unset XDG_RUNTIME_DIR if the variable is actually set. (Bug#51327) --- lib-src/emacsclient.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/lib-src/emacsclient.c b/lib-src/emacsclient.c index 0e800dd7e8..d812ae6bc8 100644 --- a/lib-src/emacsclient.c +++ b/lib-src/emacsclient.c @@ -1447,6 +1447,7 @@ set_local_socket (char const *server_name) int tmpdirlen = -1; int socknamelen = -1; uid_t uid = geteuid (); + char const *xdg_runtime_dir = NULL; bool tmpdir_used = false; int s = cloexec_socket (AF_UNIX, SOCK_STREAM, 0); if (s < 0) @@ -1468,7 +1469,7 @@ set_local_socket (char const *server_name) { /* socket_name is a file name component. */ sock_status = ENOENT; - char const *xdg_runtime_dir = egetenv ("XDG_RUNTIME_DIR"); + xdg_runtime_dir = egetenv ("XDG_RUNTIME_DIR"); if (xdg_runtime_dir) { socknamelen = snprintf (sockname, socknamesize, "%s/emacs/%s", @@ -1559,7 +1560,8 @@ set_local_socket (char const *server_name) int sockdirnamelen = snprintf (sockdirname, sizeof sockdirname, "/run/user/%"PRIuMAX, id); if (0 <= sockdirnamelen && sockdirnamelen < sizeof sockdirname - && faccessat (AT_FDCWD, sockdirname, X_OK, AT_EACCESS) == 0) + && faccessat (AT_FDCWD, sockdirname, X_OK, AT_EACCESS) == 0 + && !xdg_runtime_dir) message (true, ("%s: Should XDG_RUNTIME_DIR='%s' be in the environment?\n" -- 2.33.1 --=-=-=--
bug-gnu-emacs@HIDDEN
:bug#51327
; Package emacs
.
Full text available.Received: (at 51327) by debbugs.gnu.org; 30 Oct 2021 22:33:22 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Sat Oct 30 18:33:22 2021 Received: from localhost ([127.0.0.1]:58582 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1mgwug-0004NK-CV for submit <at> debbugs.gnu.org; Sat, 30 Oct 2021 18:33:22 -0400 Received: from zimbra.cs.ucla.edu ([131.179.128.68]:36470) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <eggert@HIDDEN>) id 1mgwud-0004N5-JO for 51327 <at> debbugs.gnu.org; Sat, 30 Oct 2021 18:33:20 -0400 Received: from localhost (localhost [127.0.0.1]) by zimbra.cs.ucla.edu (Postfix) with ESMTP id 4918A1600EB; Sat, 30 Oct 2021 15:33:13 -0700 (PDT) Received: from zimbra.cs.ucla.edu ([127.0.0.1]) by localhost (zimbra.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id jjdj3vYFbjCM; Sat, 30 Oct 2021 15:33:12 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by zimbra.cs.ucla.edu (Postfix) with ESMTP id A1B8F1600FC; Sat, 30 Oct 2021 15:33:12 -0700 (PDT) X-Virus-Scanned: amavisd-new at zimbra.cs.ucla.edu Received: from zimbra.cs.ucla.edu ([127.0.0.1]) by localhost (zimbra.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id Oqpsl-BP-XtM; Sat, 30 Oct 2021 15:33:12 -0700 (PDT) Received: from [192.168.1.9] (cpe-172-91-119-151.socal.res.rr.com [172.91.119.151]) by zimbra.cs.ucla.edu (Postfix) with ESMTPSA id 6763B1600EB; Sat, 30 Oct 2021 15:33:12 -0700 (PDT) Message-ID: <b6140cd0-b692-0be9-70c2-64e751381ae6@HIDDEN> Date: Sat, 30 Oct 2021 15:33:11 -0700 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.1.2 Subject: Re: bug#51327: 28.0.60; emacsclient warns about XDG_RUNTIME_DIR when starting daemon on-demand Content-Language: en-US To: Jim Porter <jporterbugs@HIDDEN> References: <ba5ee273-9d0f-7baf-ef2e-d0b005f29ed0@HIDDEN> <53706fa9-1458-fb5c-bd31-15ab555b59e9@HIDDEN> From: Paul Eggert <eggert@HIDDEN> Organization: UCLA Computer Science Department In-Reply-To: <53706fa9-1458-fb5c-bd31-15ab555b59e9@HIDDEN> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Score: -2.4 (--) X-Debbugs-Envelope-To: 51327 Cc: 51327 <at> debbugs.gnu.org X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -3.4 (---) Thanks, this patch looks good to me. You're right that the current approach is insecure, and your patch should make it somewhat less insecure.
bug-gnu-emacs@HIDDEN
:bug#51327
; Package emacs
.
Full text available.Received: (at 51327) by debbugs.gnu.org; 30 Oct 2021 19:37:13 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Sat Oct 30 15:37:12 2021 Received: from localhost ([127.0.0.1]:58485 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1mguAC-0008OU-JA for submit <at> debbugs.gnu.org; Sat, 30 Oct 2021 15:37:12 -0400 Received: from mail-pj1-f43.google.com ([209.85.216.43]:42703) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <jporterbugs@HIDDEN>) id 1mguAA-0008OI-Pd for 51327 <at> debbugs.gnu.org; Sat, 30 Oct 2021 15:37:11 -0400 Received: by mail-pj1-f43.google.com with SMTP id nn3-20020a17090b38c300b001a03bb6c4ebso9745835pjb.1 for <51327 <at> debbugs.gnu.org>; Sat, 30 Oct 2021 12:37:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=subject:from:to:cc:references:message-id:date:mime-version :in-reply-to:content-language; bh=eokKXPErDDuO3HWssqTTmpUCjEMOQ0t7scrKT861+FM=; b=MKFM5CpMfMzjNU9Rk49uX0Q6htO1L0/WD6b3rRYwq/ddS1v8spZmvcUGXdA5G5o/iZ BjLAoyMPEKqHJJAyIa2A6v9w3egfXuL/MUUFgtZBYKvFXdfYGX4FQt+6Ne6wvGbTpOZs ieNeIBvq72/S4lQjWB5kjVP74QLKOriTGa4VWC0yrhP3MIIXa/gVY/1vaMTfV6flU+LZ OgycYyVGSiu1PaqGeQBA55muV9xd2k5Km1VeetGupbjoFLCJqIhWm7OGOib2hxvvDwsj YcHvck/7XDGrKbM7NXNog25Ksi5V/o4iBZIz5tLyylAkpoPXtr9U+BkAZfAUWczimPo2 G+6A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:subject:from:to:cc:references:message-id:date :mime-version:in-reply-to:content-language; bh=eokKXPErDDuO3HWssqTTmpUCjEMOQ0t7scrKT861+FM=; b=zjW/oHg85xGFj2hDCqV3Wx3OVvNt7EMmZWYWc/SV951MoIOPPIe9VonBU1LewVbo0V clnr9v5QwdYtTdDQvOvmeZRpfwHoFcb5AWMwdgNAd9WK4b19Ax/fmuGL7RJt4xAb0t53 p5HSntoBMbOE5IgAvFUIhL6UbuUI/dAMW3JTfbzBQlxe3q4PWTag395s2sLTc8mzbACZ etbuGI3L4I+1A4OUHqZuEkR1auQyGqKIX3/nt4W6NCUVQlXEYmIGS3Qv9H0e1EcsikZL AgVU8sOS7uf4b6HUPci/8urSpkvy9KVuuGBN90F1ljG04lTKfBqc7xeHWRaOsaZR0OXN QpUQ== X-Gm-Message-State: AOAM533/Bc9CREgNUDSfv3IkpumPVUZ21qO+bXIi6WB8bCNNEqfqCbRp CRTOwD1G/Y66d3hEFJAEETI= X-Google-Smtp-Source: ABdhPJyI/e8AoTgDvlm292LxfLerIobqInZXnNEjgRxp3IKmNOOofiPqOAh0sZR4ovGdup3gUKJdeg== X-Received: by 2002:a17:902:b94a:b0:141:8454:d665 with SMTP id h10-20020a170902b94a00b001418454d665mr16548780pls.88.1635622624834; Sat, 30 Oct 2021 12:37:04 -0700 (PDT) Received: from [192.168.1.2] (cpe-76-168-148-233.socal.res.rr.com. [76.168.148.233]) by smtp.googlemail.com with ESMTPSA id m4sm4176913pjs.1.2021.10.30.12.37.02 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Sat, 30 Oct 2021 12:37:03 -0700 (PDT) Subject: Re: bug#51327: 28.0.60; emacsclient warns about XDG_RUNTIME_DIR when starting daemon on-demand From: Jim Porter <jporterbugs@HIDDEN> To: 51327 <at> debbugs.gnu.org References: <ba5ee273-9d0f-7baf-ef2e-d0b005f29ed0@HIDDEN> Message-ID: <53706fa9-1458-fb5c-bd31-15ab555b59e9@HIDDEN> Date: Sat, 30 Oct 2021 12:37:02 -0700 MIME-Version: 1.0 In-Reply-To: <ba5ee273-9d0f-7baf-ef2e-d0b005f29ed0@HIDDEN> Content-Type: multipart/mixed; boundary="------------D0A415F2BE8E27FC4474B716" Content-Language: en-US X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 51327 Cc: eggert@HIDDEN X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.0 (-) This is a multi-part message in MIME format. --------------D0A415F2BE8E27FC4474B716 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit On 10/21/2021 9:58 PM, Jim Porter wrote: > Normally, when running `emacsclient --alternate-editor=""' with no Emacs > server running, it will run `emacs --daemon' and then connect to it. In > Emacs 28, it will also issue the following warning: > > Should XDG_RUNTIME_DIR='/run/user/1000' be in the environment? > (Be careful: XDG_RUNTIME_DIR is security-related.) > > However, XDG_RUNTIME_DIR *is* set in my environment, so it shouldn't be > warning me about it. > > I believe this is due to the fix for bug#33847 (see commit > 007744dd0404d6febca88b00c22981cc630fb8c0). That bug asked for > emacsclient to look in both XDG_RUNTIME_DIR and TMPDIR to find the > server socket, in order to accommodate the case where `emacs --daemon' > is started when XDG_RUNTIME_DIR is unset, but *is* set when running > `emacsclient'. Attached is a patch that should fix this by skipping the TMPDIR check whenever a) we have an alternate editor and b) XDG_RUNTIME_DIR is set. This has the benefit of supporting the use case in bug#33847 as well as users who start the Emacs daemon on-demand. The only flaw I can think of with this method is that it would still be technically possible to perform a symlink attack against a user who runs `emacs --daemon' explicitly with XDG_RUNTIME_DIR set, and then runs `emacsclient' without an alternate editor set. However, this would require the attacker to be able to kill the `emacs --daemon' process somehow so that emacsclient falls back to looking in TMPDIR. I'm not sure that's a realistic attack vector, but I thought I'd mention it for completeness. --------------D0A415F2BE8E27FC4474B716 Content-Type: text/plain; charset=UTF-8; name="0001-Prevent-symlink-attacks-in-emacsclient-when-an-alter.patch" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename*0="0001-Prevent-symlink-attacks-in-emacsclient-when-an-alter.pa"; filename*1="tch" RnJvbSA2YjhjN2E5ODgxYjc5MjU0YzYxODM1NmE0ZGZhMjU3ODEyYTZmZTVjIE1vbiBTZXAg MTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBKaW0gUG9ydGVyIDxqcG9ydGVyYnVnc0BnbWFpbC5j b20+CkRhdGU6IFNhdCwgMzAgT2N0IDIwMjEgMTI6MjI6MDIgLTA3MDAKU3ViamVjdDogW1BB VENIXSBQcmV2ZW50IHN5bWxpbmsgYXR0YWNrcyBpbiBlbWFjc2NsaWVudCB3aGVuIGFuIGFs dGVybmF0ZQogZWRpdG9yIGlzIHNldAoKKiBsaWItc3JjL2VtYWNzY2xpZW50LmMgKHNldF9s b2NhbF9zb2NrZXQpOiBEb24ndCBsb29rIGluIFRNUERJUiBmb3IgYQpzb2NrZXQgaWYgd2Ug aGF2ZSBhbiBhbHRlcm5hdGUgZWRpdG9yIGFuZCBYREdfUlVOVElNRV9ESVIgaXMgc2V0CihC dWcjNTEzMjcpLgotLS0KIGxpYi1zcmMvZW1hY3NjbGllbnQuYyB8IDUgKysrKy0KIDEgZmls ZSBjaGFuZ2VkLCA0IGluc2VydGlvbnMoKyksIDEgZGVsZXRpb24oLSkKCmRpZmYgLS1naXQg YS9saWItc3JjL2VtYWNzY2xpZW50LmMgYi9saWItc3JjL2VtYWNzY2xpZW50LmMKaW5kZXgg Y2ZmM2NlYzJhNy4uMTMwNTIyNjA1NiAxMDA2NDQKLS0tIGEvbGliLXNyYy9lbWFjc2NsaWVu dC5jCisrKyBiL2xpYi1zcmMvZW1hY3NjbGllbnQuYwpAQCAtMTQ2Niw3ICsxNDY2LDEwIEBA IHNldF9sb2NhbF9zb2NrZXQgKGNoYXIgY29uc3QgKnNlcnZlcl9uYW1lKQogCQkJID8gY29u bmVjdF9zb2NrZXQgKEFUX0ZEQ1dELCBzb2NrbmFtZSwgcywgMCkKIAkJCSA6IEVOQU1FVE9P TE9ORyk7CiAJfQotICAgICAgaWYgKHNvY2tfc3RhdHVzID09IEVOT0VOVCkKKyAgICAgIC8q IEZhbGwgYmFjayB0byBjaGVja2luZyBmb3IgYSBzb2NrZXQgaW4gVE1QRElSIHVubGVzcyB3 ZSBoYXZlCisJIGFuIGFsdGVybmF0ZSBlZGl0b3IgYW5kIFhER19SVU5USU1FX0RJUiBpcyBz ZXQuICBJbiB0aGF0CisJIGNhc2UsIHdlIHdhbnQgdG8gYmFpbCBvdXQgYW5kIHNwYXduIHRo ZSBhbHRlcm5hdGUgZWRpdG9yLiAqLworICAgICAgaWYgKCEoeGRnX3J1bnRpbWVfZGlyICYm IGFsdGVybmF0ZV9lZGl0b3IpICYmIHNvY2tfc3RhdHVzID09IEVOT0VOVCkKIAl7CiAJICBj aGFyIGNvbnN0ICp0bXBkaXIgPSBlZ2V0ZW52ICgiVE1QRElSIik7CiAJICBpZiAodG1wZGly KQotLSAKMi4yNS4xCgo= --------------D0A415F2BE8E27FC4474B716--
bug-gnu-emacs@HIDDEN
:bug#51327
; Package emacs
.
Full text available.Stefan Kangas <stefan@HIDDEN>
to control <at> debbugs.gnu.org
.
Full text available.Received: (at submit) by debbugs.gnu.org; 22 Oct 2021 04:58:09 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Fri Oct 22 00:58:09 2021 Received: from localhost ([127.0.0.1]:59069 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1mdmd7-00010z-GJ for submit <at> debbugs.gnu.org; Fri, 22 Oct 2021 00:58:09 -0400 Received: from lists.gnu.org ([209.51.188.17]:49980) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <jporterbugs@HIDDEN>) id 1mdmd5-00010q-T8 for submit <at> debbugs.gnu.org; Fri, 22 Oct 2021 00:58:08 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:37938) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <jporterbugs@HIDDEN>) id 1mdmd5-00021Y-IV for bug-gnu-emacs@HIDDEN; Fri, 22 Oct 2021 00:58:07 -0400 Received: from mail-pg1-x533.google.com ([2607:f8b0:4864:20::533]:36439) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from <jporterbugs@HIDDEN>) id 1mdmd1-0006HU-Qw for bug-gnu-emacs@HIDDEN; Fri, 22 Oct 2021 00:58:07 -0400 Received: by mail-pg1-x533.google.com with SMTP id 75so2277304pga.3 for <bug-gnu-emacs@HIDDEN>; Thu, 21 Oct 2021 21:58:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:subject:to:cc:message-id:date:mime-version:content-language :content-transfer-encoding; bh=hvJGcbhYZLpEGRxE6NByVUbEDo7XK61DwYuIxjCJy5M=; b=QXHXVljBdGS0Aj9c1zINGDhLCuR9wmHyPIcxnvPabRDMJ+NlhK5lSQc+X2NcouQhvo hGKV9UDEWut4FaOYkXaL12uf1ZjC1Gjt+jEEcmHH1qZRlkeLUeGG6IFr6JaWQe3Lxryz +X633v+61QatKbSc0FebIfKPXVg0wjIHsA5Vphx8gfbPBMC7BParf6HsE20esVg2HBoQ p1u4xBQBinGh0SNHdHFtI3JwpRCHDM1EMMOBRYh2XsMYJlZ65CeUkHjeq2TKONe/Gmgi JpKtDR6h8B9YmV1DoUHgouW2AJudGw9EYUdDMzuRRQTGC/DQqfgz/aKuMqzVDdH0Irmh rhgA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:subject:to:cc:message-id:date:mime-version :content-language:content-transfer-encoding; bh=hvJGcbhYZLpEGRxE6NByVUbEDo7XK61DwYuIxjCJy5M=; b=hPLapf1XK9UKlFrJA/miIrzLCcPdkhBe9v0WgVj05heI/nXI+3fs0UzdcSFW46OYiP H4SA7mXu3wqvR3NBYPTWXYZDfy5pTpkdvQef/qHoxX6/TEuQvdqpDuRlH7vCiG8OZuOz q0czJt08C1b/+aUBQaSTkfmabzea7jmCuryzgX8ZNzOybr/BCgDG28ofbQ2HbXrqWXuo t5Y/Mxk5qyz1DWyTa19YG2aofkwv0LB/b6hxVlCZ3JMEolxRp0YA8nCi1q20ddyUIm3B RytlRDguMCkfwU91giVMT75VRlVwlJ/PHkHy6nF7XDUB5TWWH1ivaqSeMES4d4yx52C+ l7JQ== X-Gm-Message-State: AOAM533rT7L8rF6RCKxzxpZqA3otCrDQkbzAOW7b0Gtz78+mikWltOTH drQSUMDqrVLbvbDjDvFI7QE= X-Google-Smtp-Source: ABdhPJwFHPRO7Ldwvsfx6sjBwSXCz3ZDn+X01wCmKHMfa3uUqRmdaUa12cQz6uWuPyd9iuCsFEOVsw== X-Received: by 2002:a63:b218:: with SMTP id x24mr7630645pge.29.1634878681443; Thu, 21 Oct 2021 21:58:01 -0700 (PDT) Received: from [192.168.1.2] (cpe-76-168-148-233.socal.res.rr.com. [76.168.148.233]) by smtp.googlemail.com with ESMTPSA id u11sm8165835pfg.2.2021.10.21.21.58.00 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 21 Oct 2021 21:58:00 -0700 (PDT) X-Mozilla-News-Host: news://news.gmane.org:119 From: Jim Porter <jporterbugs@HIDDEN> Subject: 28.0.60; emacsclient warns about XDG_RUNTIME_DIR when starting daemon on-demand To: bug-gnu-emacs@HIDDEN Message-ID: <ba5ee273-9d0f-7baf-ef2e-d0b005f29ed0@HIDDEN> Date: Thu, 21 Oct 2021 21:58:00 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Received-SPF: pass client-ip=2607:f8b0:4864:20::533; envelope-from=jporterbugs@HIDDEN; helo=mail-pg1-x533.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: -1.3 (-) X-Debbugs-Envelope-To: submit Cc: eggert@HIDDEN X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -2.3 (--) Normally, when running `emacsclient --alternate-editor=""' with no Emacs server running, it will run `emacs --daemon' and then connect to it. In Emacs 28, it will also issue the following warning: Should XDG_RUNTIME_DIR='/run/user/1000' be in the environment? (Be careful: XDG_RUNTIME_DIR is security-related.) However, XDG_RUNTIME_DIR *is* set in my environment, so it shouldn't be warning me about it. I believe this is due to the fix for bug#33847 (see commit 007744dd0404d6febca88b00c22981cc630fb8c0). That bug asked for emacsclient to look in both XDG_RUNTIME_DIR and TMPDIR to find the server socket, in order to accommodate the case where `emacs --daemon' is started when XDG_RUNTIME_DIR is unset, but *is* set when running `emacsclient'. That works for the issue described in bug#33847, but for users with XDG_RUNTIME_DIR set who want `emacs --daemon' to start on demand, the change means that emacsclient will look in TMPDIR to find a server socket, record that attempt, and then warn about it before finally going ahead and starting `emacs --daemon'. I'm not an expert on XDG_RUNTIME_DIR, but my understanding is that this was added to improve security over using TMPDIR. However, as far as I can tell, the fix in bug#33847 partially undoes the security improvement for users who want to start `emacs --daemon' on demand. I'm not sure what the fix here is, at least not while ensuring that both this case and the case in bug#33847 "just work" without setting some option... (The original bug#33847 is rather long, and I see that similar concerns were raised there, so I hope I've summarized this accurately and I'm not just misunderstanding what this code is doing.)
Jim Porter <jporterbugs@HIDDEN>
:bug-gnu-emacs@HIDDEN
.
Full text available.bug-gnu-emacs@HIDDEN
:bug#51327
; Package emacs
.
Full text available.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd,
1994-97 Ian Jackson.