|
| From: | Paul Eggert |
| Subject: | bug#33847: 27.0.50; emacsclient does not find server socket |
| Date: | Tue, 25 Dec 2018 16:24:10 -0800 |
| User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.2.1 |
Ulrich Mueller wrote:
IMHO that's not an acceptable solution. emacsclient should just work in the default configuration, without requiring the user to jump through hoops, and an Emacs daemon should persist between sessions (otherwise "daemon" would be a misnomer). Or is that use case really so uncommon?
We have a conflict here between "just work" and security. There are multiple workarounds for the problem that you mention; if none of them are convenient enough perhaps you can suggest a more-convenient one. The default should be secure, though.
if there is a security problem, how would it disappear by moving the socket to XDG_RUNTIME_DIR? Note that other tools like "screen" also place their sockets in a subdir of /tmp.
XDG_RUNTIME_DIR is guaranteed to be a directory owned by the user and readable and writable by nobody else. /tmp/emacsUID does not have that property.
Tools like 'screen' that predate XDG_RUNTIME_DIR traditionally suffered from similar security problems. On my Fedora 29 platform, 'screen' works around the problem by being setgid 'screen' and putting files under /run/screen/S-eggert, where /run/screen is mode drwxrwxr-x with owner 'root' and group 'screen'. The exact location of the /run/screen directory is platform-specific; I guess that it typically used to be /tmp/screens but got moved due to security concerns.
The 'screen' workaround does not appear to apply to Emacs, since Emacs is programmable and if Emacs were made setgid its users could easily modify Emacs's behavior to manipulate the contents of any such /run/emacs directory in any way they pleased.
| [Prev in Thread] | Current Thread | [Next in Thread] |