[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#51327: 28.0.60; emacsclient warns about XDG_RUNTIME_DIR when startin

From: Jim Porter
Subject: bug#51327: 28.0.60; emacsclient warns about XDG_RUNTIME_DIR when starting daemon on demand
Date: Fri, 5 Nov 2021 10:54:29 -0700

On 11/5/2021 3:38 AM, Ulrich Mueller wrote:
If I understand this report correctly, the problem is just the spurious
warning about XDG_RUNTIME_DIR?

Instead of changing the functionality (which breaks other use cases, see
my message to emacs-devel), wouldn't it make more sense to just suppress
the warning if the variable is set? As in attached patch?

It's not just a spurious warning; the warning is telling the user about a real problem, though the wording is a bit confusing for this particular case. If a user calls `emacsclient --alternate-editor=""' with XDG_RUNTIME_DIR set and no Emacs server running, emacsclient will check in both XDG_RUNTIME_DIR and TMPDIR to find the server socket before giving up and starting the daemon.

Since XDG_RUNTIME_DIR exists (at least in part) to prevent symlink attacks, Emacs should try to avoid checking TMPDIR in order to avoid this vulnerability. Emacs 27 is secure in this regard, since it *never* checks TMPDIR if XDG_RUNTIME_DIR is set. However, that behavior caused the problems described in bug#33847. The patch I posted is a compromise that restores the secure behavior for users who set the alternate editor and want to start the Emacs daemon on demand (it's not perfect though; see my reply in emacs-devel).

reply via email to

[Prev in Thread] Current Thread [Next in Thread]