|
From: | Jim Porter |
Subject: | Re: emacsclient startup messages |
Date: | Sat, 30 Oct 2021 12:16:55 -0700 |
On 10/30/2021 10:39 AM, Ulrich Mueller wrote:
On Tue, 26 Oct 2021, Jim Porter wrote:I believe this is bug#51327. From how I understand it, this is fallout from the fix for bug#33847 that occurs when `emacsclient' is run and can't find a daemon to connect to. As far as I can tell, it's an indicator of a real bug: the code is checking TMPDIR for the socket even on a system with XDG_RUNTIME_DIR set (and ultimately, the to-be-created daemon will put its socket in XDG_RUNTIME_DIR).There can be situations where there is an XDG environment for the client but not for the daemon.
Right, the patch in bug#33847 should handle that case correctly, but I'm pretty sure the current implementation opens users who spawn the Emacs daemon on-demand to symlink attacks. That's due to the code needing to check both XDG_RUNTIME_DIR and TMPDIR before being sure there's no daemon to connect to.
I can think of two ways to avoid this issue:1) Have a flag that lets users explicitly state whether emacsclient can fall back to looking in TMPDIR. Then, if the flag is unset, emacsclient will only look in XDG_RUNTIME_DIR; if it is set, it will look in XDG_RUNTIME_DIR first, and fall back to TMPDIR if necessary. However, this means that either your case in bug#33847 or the "daemon on demand" case will need to explicitly set this flag, which is annoying.
2) If XDG_RUNTIME_DIR and ALTERNATE_EDITOR/--alternate-editor are both set, never check TMPDIR. This should let both cases work without requiring users to explicitly set a flag anywhere, but it the lack of explicitness could be more confusing. I think this should work fine in all cases, since users running `emacs --daemon' without XDG probably won't be using ALTERNATE_EDITOR (the daemon should always be running, so there's no need for an alternate editor).
- Jim
[Prev in Thread] | Current Thread | [Next in Thread] |